DATA  CENTER  STRATEGIES:  CONSOLIDATION  AND  VIRTUALIZATION  page3i 


BUSINESS  TECHNOLOGY  LEADERSHIP 


PHTMA 

Why  CIOs  with 
China  experience 
are  becoming  stars 
in  U.S.  companies 

Page  72 


WIRELESS 

SECURITY 

Policies,  technologies 
for  wireless  LANs 
that  let  you  rest  easy 

Page  62 


FORGET  THE  HYPE. 

Service-oriented  architecture 


! 


is  not  for  everybody  Here’s 
howto  tell  if  it’s  for  you.  And 
also,  how  to  get  started. 


JUNE  15.  2006  |  $9.00  |  CIO.COM 


BY  CHRISTOPHER  KOCH  Page49 


HEfy 


i  i! 

i 

« 

i  :• 

!  il  % 

=  1 

■ 

H 

it 

L  .  _ _ ^ _ ^ _ .. 

■HBB 


Your  potential.  Our  passion. 

Microsoft 


In  a  people-ready  business,  people  make  it  happen.  People,  ready  with  software. 

When  you  give  your  people  tools  that  connect,  inform,  and  empower  them,  they're  ready. 
Ready  to  collaborate  with  partners,  suppliers,  and  customers.  Ready  to  streamline  the 
supply  chain,  beat  impossible  deadlines,  and  develop  ideas  that  can  sway  the  course  of 
industry.  Ready  to  build  a  successful  business:  a  people-ready  business.  Microsoft.  Software 
for  the  people-ready  business.SM  To  learn  more,  visit  microsoft.com/peopleready 


.  ■ 


©  2006  Microsoft  Corporation.  All  rights  reserved.  Microsoft  and  "Your  potential.  Our  passion."  are  either  registered  trademarks  or  trademarks  of  Microsoft  Corporation  in  the  United  States  and/or  other  countries. 


©2006  Samsung  Telecommunications  America,  L.P.  Samsung  is  a  registered  trademark  of  Samsung  Electronics  America,  Inc.  and  its  related  entities.  All  rights  reserved. 


Convergence,  meet  the  new  guy. 

Finally,  the  world  has  a  truly  converged  work  environment.  The 
Off  iceServ™  7200  platform  from  Samsung's  Business  Communication 
Systems  integrates  voice,  data,  VoIP,  analog,  digital  and  IAN  and 
delivers  them  all  via  wireline  and  wireless  technologies.  With  wireless 
in  the  mix,  employees  can  remain  connected,  efficient  and  productive 
throughout  your  business.  Even  when  they're  away  from  their  desks. 
Now  that's  convergence.  Complete  convergence. 


AMSUN 


All  hail  the  new  guy. 

For  more  information  visit  www.samsungbcs.com/OS7200 


s 


JUNE  15,  2006  |  VOL/19  |  NO/17 


Columns 


36  Getting  in  Sync 

leadership  Your  reputation  for  perfor¬ 
mance  depends  on  your  ability  to  align  with 
end  users. 

By  Paul  Ingevaldson 

40  Gifts  that  Keep  on  Giving 
collaboration  As  the  top  investment 
banks  have  discovered,  giving  away  software 
tools  to  key  customers  and  suppliers  can 
save  both  of  you  lots  of  time  and  money. 

By  Michael  Schrage 


49 


The  Truth  About  SOA 


COVER  STORY  |  ENTERPRISE  ARCHITECTURE  In  which  We  pOUr  Cold 
water  on  the  hype  and  answer  your  questions  about  why,  how  and  when  you 
should  (or  should  not)  start  thinking  about  implementing  a  service-oriented 
architecture.  By  Christopher  Koch 


44  Red  Light,  Green  Light 
alignment  How  one  CIO  used  project 
management  discipline  and  the  Traffic  Light 
Report  to  align  her  IT  department  with  her 
company’s  business  goals. 

By  Catherine  Aczel  Boivie 


62  The  Security  Plan  for  Your  Wireless  LAN 

wireless  Take  advantage  of  the  latest  security  tools  and  keep  your  users 
informed  if  you  want  to  achieve  wire-free  bliss. 

By  Thomas  Wailgum 

72  (  The  China  Gambit 

career  China,  starved  for  executive  talent,  is  importing  CIOs  from  the 
West.  And  discovering  how  IT  works— and  doesn’t— in  this  emerging  factory 
to  the  world  is  supercharging  their  careers. 

By  Stephanie  Overby 

84  Unstuck  in  the  Middle 

mid-market  1  strategy  Life  as  a  small-  or  mid-market  CIO  may  be 
one  of  the  toughest  challenges  in  IT.  Here’s  how  a  few  IT  leaders  in  this  space 
have  persevered  and  even  flourished.  By  Matt  Villano 


_  .J  l— - — 

>  Ax* 

Q.  '  » 


\ 

\ 

\ 

\ 

— A 


7? 


V  , 


bfy  vy 

Lenovo  CIO  Steve  Bandrowczak 

found  that  having  a  local  second- 
in-command  is  invaluable  when 
doing  business  in  China. 


www.cio.com  |  JUNE  15,  2006  3 


contents 


In  Every  Issue 


6  From  the  Editor 

My  top  10  takeaways  from  the  recent 
CIO  Leadership  Conference. 

By  Abbie  Lundberg 

8  From  the  CEO 

The  best  kind  of  competition:  vying  to 
bridge  the  digital  divide. 

By  Michael  Friedenberg 

14  Inbox 

Readers  weigh  in  on  net  neutrality  and 
toxic  leaders. 

19  Trendlines 

►  Tech  that  Fuels  Ethanol  Production 
Your  Web,  My  Web,  Our  Web 
Iraq’s  Virtual  Library 
»-  What’s  Scarier:  Incompetence 
or  Terrorism? 

RFID  Rules 

When  East  Meets  West  on  IP  Rights 
Outfoxing  Bill  Gates 
Why  Technology  Fails 
Room  to  Improve  IT’s  Moves 


31  :  Essential  Technology 

Done  well,  consolidation  and  virtual¬ 
ization  can  cut  computing  costs  while 
improving  performance. 

By  Christopher  Lindquist 


94  Index 


96  Endlines 

The  Universal  Vendor  Translation 
Machine  By  Scott  Kirsner 


[THE  LATEST  SPECIAL  REPORT] 

The  ABCs  of  SOA 

Service-oriented  architecture  promises  to  give 
compan  ies  a  portfol  io  of  services  that  can  be 
mixed  and  matched  to  create  automated  business 
processes.  We’  1 1  tel  I  you  how 
to  make  the  business  case 
for  SOA,  when  not  to  pursue 
it,  how  much  reuse  you  can 
expect  (and  howto  increase 
that),  how  SOA  wi  1 1  affect  you  r 
IT  organization  and  more. 

))  www.cio.com/specialreports 


[PODCASTS] 

THE  OPEN-SOURCE 
ENFORCER 

Harald  Welte  has  made  it  his  (very  suc¬ 
cessful)  businessto  protect  free  and  open- 
source  software  from  corporate  infringe¬ 
ment.  I  n  our  conversation,  Welte  descri  bes 
hisintentto  keep  corporate  open-source 
users  on  the  straight  and  narrow. 

www.cio.com/podcasts/authors.html 

EYE  ON  THE  FUTURE 

Lou  Mazzucchelli,  fellow  at  the  Cutter 
Business  Technology  Council,  tells  CIO 
how  IT  history  repeats  itself,  and  which 
emergingtechnologies  CIOs  should  have 
on  thei  r  radar.  Also  hear  excerpts  from 
his  presentation  at  this  spring's  Cutter 
Consortium  Summit. 

www.cio.com/podcasts/authors.html 


S 


[IN  THE  NEWS] 

GOVERNMENT 

SURVEILLANCE 


It  was  first  reported 
that  BellSouth,  Verizon 
and  AT&T  turned  over 
customer  records  to  the 
National  Security  Agency 
while  Qwest  refused. 

Now  BellSouth  and 
Verizon  are  denying  the 
charges,  and  AT&T  may 
be  next.  But  what  would 
you  do  if  the  feds  came 
knocking,  telling  you  it’s 
your  patriotic  duty  to 
hand  over  your  custom¬ 
ers’  personal  data?  Read 
our  stories  and  join  the 
conversation,  www.cio 
.com/specialreports/ 
surveillance.html 


WWW. 

CIO. 

com 


4  JUNE  15,  2006  |  www.cio.com 


CIO  Newsletters— The  Latest  News  Delivered  on  Demand 
»  Careers:  Job  listings  and  critical  career  advice,  straightto  your  inbox 
»  Information  Security:  Up-to-date  security  news  and  information 
»  Open  Source:  The  latest  developments  in  open-source  software 

Find  these  newsletters  and  many  more  at  www.cio.com/newsletters. 


©2006  Hewlett-Packard  Development  Company,  L.P. 


Confessions  of  the  World’s  Most  Demanding  CIOs. 


“We  have  met 
the  competition, 
and  it  is  us.” 

“An  OOCL  container  ship  is  only  the  most  visible  element  of  an  enormously 
complex  enterprise  that  moves  goods  from,  say,  Shanghai  to  Kilkenny. 

“With  our  IT,  we  do  that  better  than  our  competitors.  So  we  compete  against 
our  own  benchmarks. 

“HP  helped  us  get  there  — to  migrate  from  mainframe  to  open  systems, 
and  to  adopt  standards-based  technology  for  real-time  communication  with 
partners.  So  OOCL  can  adapt  to  market-driven  changes  much  faster  than 
other  carriers. 

“Today,  IT  costs  have  dropped  sharply,  and  we  project  double-digit 
growth  for  the  next  five  years. 

“Now  we’ll  try  to  beat  that.” 

-Ken  Chih,  CIO 

Make  change  work  for  you.  Visit  www.hp.com/adapt 


oocl 


Solutions  for  the  adaptive  enterprise. 


invent 


FROM  THE  EDITOR 


Lessons  in 
Leadership 

There  were  lots  of  great 
takeaways  from  the  recent 
CIO  Leadership  Conference. 
Here  are  my  top  10. 


It's  wet.  We're  into  the  seventh  day  of  the  great  New  England  downpour  of 2006. 
There’s  well  over  a  foot  of  rain  flooding  roads  and  fields  and  basements.  Rain  makes 
me  reflective,  and  today  I’m  looking  back  on  last  month’s  CIO  Leadership  Conference. 

The  conference  was  a  mix  of  inspiration,  great  networking  and  practical  advice.  We 
opened  with  a  talk  by  author  and  historian  David  McCullough,  closed  with  a  practicum 
from  Harvard  professor  Joseph  Badaracco  on  how  to  handle  ethical  dilemmas,  and  in 
between  there  were  terrific  sessions  with  Harvard  icon  Warren  McFarlan,  Royal 
Caribbean  CIO  Tom  Murphy  and  loads  of  other  accomplished  practitioners. 

Thinking  back  on  what  I  heard,  a  few  things  stand  out.  Here  are  my  top  10: 


10.  “Failure  is  not  an  option”  (once  uttered  by  Apollo  13  project  leader  Gene  Krantz).  This, 
according  to  McCullough,  was  one  of  George  Washington’s  defining  traits.  No  matter  what 
mistakes  he  made,  he  didn’t  let  his  disappointment  in  himself  discourage  him.  Thinking 
about  Washington  in  those  terrible  days  of 


1776  gave  me  a  whole  new  perspective  on 
the  word  dis-courage. 

9.  The  kind  of  organization  you’re  in 
determines  what  kind  of  leader  you  need  to 
be.  McFarlan’s  example  of  the  challenges 


"The  true  test  of  a  leader  is 
how  you  behave  when  the 
chips  are  down  and  things 
are  ambiguous— including 
when  no  one's  watching." 

-David  McCullough 


(successfully)  faced  both  by  Pete  Solvik, 

CIO  at  Cisco  when  the  company  was  in  hypergrowth  mode,  and  Brad  Boston,  Cisco’s 
CIO  since  2002,  was  a  great  illustration  of  how  different  business  conditions  require 
different  skills.  It  also  highlighted  the  futility  of  defining  a  single  ideal  CIO  profile. 


8.  A  good  leader  has  integrity.  That  means  being  accountable,  truthful,  a  team  player 
and  tough  when  you  need  to  be.  World  Wildlife  Fund  CIO  Greg  Smith  led  an  interactive 
discussion  on  what  it  takes  to  be  an  effective  CIO. 


7.  Don’t  be  lazy.  Tom  Murphy  said  that  leaders  must  push  beyond  their  natural  abil¬ 
ities  (of  charm  or  humor  or  fortitude)  if  they  really  want  to  make  a  difference. 

6.  Make  sure  that  everyone  in  your  organization  can  articulate  what  it  is  you’re  try¬ 
ing  to  accomplish.  Tyrone  Howard,  who  runs  the  program  management  office  for 
the  City  of  Chandler,  Ariz.,  spoke  of  the  power  of  effectively  communicating  your 
strategy  and  goals  throughout  the  organization. 

5.  The  true  test  of  a  leader  is  how  you  behave  when  the  chips  are  down  and  things  are 
ambiguous— including  when  no  one’s  watching.  -McCullough 
4.  Your  team  is  allowed  to  have  morale  problems;  leaders  are  not.  -McCullough 
3.  Leaders  require  a  sense  of  history— not  just  so  they  can  learn  from  the  past  but  so 
they  will  understand  that  what  they  do  matters  in  the  long  run.  -McCullough 

2.  When  faced  with  ethical  dilemmas,  apply  three  tests  to  your  decision,  said 
Badaracco:  The  Newspaper  Test  (How  would  you  feel  if  you  saw  it  as  a  headline  in 
tomorrow’s  paper?);  The  Golden  Rule  (How  would  you  feel  if  it  was  done  to  you?);  and 
The  Obituary,  or  Best  Friend,  Test  (How  do  you  want  to  be  remembered?) 

1.  Listen.  McFarlan,  McCullough  and  others  agreed  that  listening  well  is  one  of  the  most 
essential  leadership  skills  of  all. 


Abbie  Lundberg,  Editor  in  Chief 

lundberg@cio.com 


JUNE  15,  2006  |  www.cio.com 


PHOTO  BY  STEVEN  VOTE 


NO  VIRUSES. 

NO  SPAM. 

NO  DOWNTIME. 
EMAIL  DONE  RIGHT. 


No  one  can  promise  complete  email  security  and  availability.  We  don’t  live  in  that  kind  of  world. 
Yet  one  company  has  earned  a  worldwide  reputation  for  making  email  as  secure  and  available  as 
it  is  important.  A  company  that  not  only  screens  out  viruses,  spam  and  spyware,  but  also  provides 
solutions  for  speedy  recovery  in  case  of  system  failure.  A  company  that  reduces  storage  costs 
by  archiving  to  secondary  storage  and  blocking  unwanted  emails.  A  company  that  provides 
management  tools  for  efficient  email  retention  and  fast  email  discovery.  A  company  that  does 
email  right.  Symantec.  Because  we  know  it’s  not  just  email,  it’s  your  business.  For  more 
information  visit  www.symantec.com/esa  or  call  800-745-6054  BE  FEARLESS. 


Symantec,. 


orporation.  All  rights  reserved.  Symantec 
emarks  or  registered  trademarks  of 
es  in  the  U.S.  and  other  countries. 


BUSINESS  TECHNOLOGY  LEADERSHIP 


FROM  THE  CEO 


IT  Finds  a  Heart 

The  best  kind  of  competition:  vying  to  bridge  the  digital  divide 


president  and  ceo  Michael  Friedenberg 
publisher  Gary  J  .  Beach 

CXO  MEDIA 

CIRCULATION 

svp,  circulation  Carol  A.  Spach 
subscription  svcs.  supervisor  Tina  Pescaro 

CIO  EXECUTIVE  COUNCIL 
GENERAL  MANAGER  Mark  Hall 
program  director  Shaw  Lively 
VP,  development  Dexter  Siglin 
managing  dir.,  content  development  Richard  Pastore 
dir.,  external  relations  Karen  Fogerty 
director  of  research  Michael  Swenson 
marketing  communications  manager  Jennifer  Baker 
mgr.  of  operations  and  project  mgmt.  Jean  Costello 
director  of  relationship  management  Steve  Rovniak 
program  services  managers  Michael  Fahlsing, 

Ellen  Friedman.  Bill  Golden.  Carrie  Mathews,  Bill  Roche 


For  many  reasons— an  improving  economy,  avian 
flu  anxiety,  the  war  in  Iraq— the  issue  of  the  digital 
divide  has,  unfortunately,  been  placed  on  the  back 
burner.  But  that  doesn’t  mean  it  has  gone  away.  The 
numbers  speak  for  themselves. 

According  to  a  presentation  given  by  Intel  Presi¬ 
dent  and  CEO  Paul  Otellini,  of  the  15  percent  of  the 
world’s  population  that  has  access  to  the  Internet, 
less  than  5  percent  have  broadband.  Of  the  fortunate 
800  million  people  in  the  world  who  earn  more  than 
$25,000  a  year,  70  percent  have  PCs.  But  of  the  4.7  billion  people  who  earn  between 
$1,000  and  $25,000  annually,  only  10  percent  have  PCs.  And  of  the  1  billion  who  earn 
less  than  $1,000  a  year,  almost  none  have  a  computer. 

That’s  why  it  is  so  refreshing  (not  to  mention  surprising)  to  find  that  two  rivals, 
AMD  and  Intel,  are  now  competing  to  address  this  issue,  each  in  its  own  way. 

AMD’s  50x15  initiative  is  intended  to  build  alliances  to  enable  affordable  Internet 
access  and  computing  capability  for  50  percent  of  the  world’s  population  by  the  year 
2015  ( http://50xlS.amd.com/en-us ).  In  tandem  with  this  announcement,  AMD  has 
launched  the  Personal  Internet  Connection,  or  PIC,  which  the  company  describes  as 


development  managers 

Ross  Chapin,  Patrick  Clarke.  Lauren  DeLong. 

Steve  Dodman,  Robert  Graham 

EXECUTIVE  PROGRAMS 

vp.  executive  programs  Ellen  Daly 
director  of  marketing  Mary  Cardwell 

DIRS..  BUSINESS  DEVELOPMENT 

Chris  Mattoon.  John  Vulopas 

dir.,  event  planning  Amy  Turell 
conference  manager  Judith  Kittredge 
event  planner  Sarah  Yee 
designer  Andrea  Slobogan 
client  relations  associate  Lisa  Byron 
client  services  specialist  Cress  O'Brien 

ONLINE 

general  manager  Martha  Connors 
director  of  online  technology  Christopher  Murray 
manager  of  online  production  services  Todd  Borglund 
senior  i.t.  architect  Srinivas  Dutta 
audience  development  manager  Judah  Phillips 

ONLINE  PRODUCERS 

Bill  Hall,  Jennifer  McCarthy,  Joe  Nguyen 

RICH  MEDIA  PRODUCER 

Lisa  Boles 

online  advertising  specialist  Irina  Gabechiia 

INFORMATION  SYSTEMS 

idg  dir.  of  information  services  Nancy  Newkirk 
infrastructure  manager  James  C.  Burgoyne 
lead  developer  Sean  McCracken 
senior  user  support  specialist  Christopher  A.  Kay 
user  services  specialist  Gloria  Lam 
web  developer  Sanghee  Seo 


“a  new  category  of  affordable  consumer  devices  designed  to  provide  managed  Inter¬ 
net  access.. .to  enhance  communications,  entertainment  and  education  opportunities.” 

Not  to  be  outdone,  Intel  has  launched  its  own  initiative,  the  World  Ahead  Program 
{www.intel.com/intel/worldahead).  Its  five-year  goals  are  to  extend  wireless  broad¬ 
band  PC  access  to  the  world’s  next  billion  users  while  training  10  million  more  teach¬ 
ers  on  the  effective  use  of  technology  in  education,  with  the  possibility  of  reaching 
another  1  billion  students.  Intel  has  committed  $1  billion  to  this  program  over  the  next 
five  years. 

I  don’t  know  if  this  is  an  exercise  in  one-upmanship  between  AMD  and  Intel. 
Truthfully,  who  cares?  The  bottom  line  is  that  hopefully,  in  the  near  future,  a  greater 
percentage  of  the  world’s  population  will  be  able  to  have  its  voice  heard.  And  that’s 
a  good  thing.  Because  if  this  issue  is  not  resolved,  and  soon,  the  consequences  will  be 
devastating  for  people  and  nations  on  both  sides  of  the  divide. 

That  is  why  it  was  so  welcome  to  hear  AMD  CEO  Hector  Ruiz  say  at  the  World  Con¬ 
gress  IT  2006  that,  “IT  has  a  brain.  Now  it’s  time  to  show  it  has  a  heart.”  Those  are  sen¬ 
timents  that  should  be  shared— and  put  into  practice— by  the  whole  IT  community. 


Michael  Friedenberg,  President  and  CEO 

mfriedenberg(a)cio.com 


PRODUCTION 

VP,  MANUFACTURING  Chris  CuOCO 

production  manager  Heidi  Broadley 
associate  production  manager  Lisa  M.  Stevenson 

MARKETING 

sr.  director,  marketing  comm.  Sue  Yanovitch 
sr.  marketing  comm,  specialist  Susan  Maloney 
marketing  comm,  specialist  Lynn  Holmlund 

RESEARCH 

research  director  Lorraine  Cosgrove  Ware 
research  manager  Carolyn  Johnson 

ADMINISTRATION 

coo  Matt  Smith 

dir.,  finance  Margarita  Chiango 

FINANCIAL  ANALYST.  ONLINE  AND  INTEGRATED  PRODUCTS 

Chris  Bernardi 

executive  assistant  to  the  president  Diane  Martin 

BILLING  SPECIALIST  Joyce  GilliS 

facilities  specialist  John  Kelley 
office  services  coordinator  Mary  E.  Wooldridge 

HUMAN  RESOURCES 

vp.  human  resources  Patricia  Chisholm 
sr.  hr  representative  Beth  S.  Ramistella 

CXONMEDIA  INC. 

INTERNATIONAL  DATA  GROUP 

board  chairman  Patrick  J.  McGovern 

president,  idg  communications  Bob  Carrigan 


8 


JUNE  15,  2006  |  www.cio.com 


PHOTO  BY  CHRISTOPHER  HARTING 


»BPA 


It's  fundamental  to  your  business.  Are  you  leveraging  your  location  data? 

Customer  addresses,  time  zones,  office  facilities,  service  areas,  political  boundaries,  critical  shipments, 
utility  networks,  field-workers,  real  estate,  mobile  assets,  and  warehouses — location  is  mission  critical 
in  every  organization. 


By  leveraging  the  location  information  that  is  inherent  in  your  information  systems,  you  can  manage 
your  organization  more  efficiently  and  cost-effectively,  helping  you  gain  a  competitive  advantage. 

ESRI  technology  is  a  standards-based,  scalable,  and  interoperable  platform  that  can  exploit  location 
data  in  your  business  processes.  With  ESRI  geographic  information  system  (GIS)  technology,  you  can 
make  location  information  and  analysis  available  to  the  people  in  your  organization — at  all  levels — 
who  need  it  most. 


To  learn  more  about  leveraging  your  location  data,  please 
visit  www.esri.com/it  or  call  1-888-373-1192. 

You  have  the  location  information;  put  it  to  work  for  you. 


Copyright  O  2005  ESRI.  All  rights  reserved.  The  ESRI  globe  logo,  ESRI,  ArcMap,  www.esn.com,  and  Arclnfo  are  trademarks,  registered  trademarks,  or  service  marks  of  ESRI  in  the  United  States,  the  European  Community,  or  certain  other  jurisdictions. 


Your  potential.  O^f  passion 

Microsoft  KjM 


s,t|wt« 


A  Stock  Market  Processing  300  Million  Transactions  a  Day. 

Running  on  Microsoft  SQL  Server  2005. 

*  V  JS  '  -  .  r  ‘  i  '  f  Ih 


NASDAQ,  the  largest  U.S.  electronic  stock  market,  lists  companies  from  37  countries. 
Their  crucial  trading  and  messaging  systems  use  SQL  Server™  2005  to  handle  up  to 
64,000  transactions  per  second  with  99.999%  uptime.*  See  how  at  microsoft.com/bigdata 


Microsoft* 

SQL  Server  2005 


^ S 

IHf-  l  i  ii  l  f  M  M  il  ]  f  B4  1 1  1  <i 

rt”  •*  k  if ^  s i  HR v* i i I s w. ■  ■ 

;]  t ft  <  i M f  M i kTZ=S»lYJ  IL-  **r^ 

BUSINESS  TECHNOLOGY  LEADERSHIP 


president  and  ceo  Michael  Friedenberg 
publisher  Gary  J.  Beach 


EDITORIAL 

editor  in  chief  Abbie  Lundberg 
managing  editor  David  Rosenbaum 
EXECUTIVE  editors 

Christopher  Koch,  Elana  Varon 

WASHINGTON  BUREAU  CHIEF 

Allan  Holmes 

TECHNOLOGY  EDITOR 

Christopher  Lindquist 

SENIOR  EDITORS 

Stephanie  Gelston,  Stephanie  Overby 

SENIOR  WRITERS 

Meridith  Levinson,  Susannah  Patton, 
Thomas  Wailgum,  Ben  Worthen 

CONTRIBUTORS 

Catherine  Aczel  Boivie,  Grant  Gross,  Paul  Ingevald- 
son,  Scott  Kirsner,  Stephen  Lawson,  Elizabeth  Mon- 
talbano,  Michael  Schrage,  Matt  Villano 

EDITORIAL  ADMINISTRATOR 

Jill  Paquette 

DESIGN 

EXECUTIVE  DIRECTOR,  ART  AND  DESIGN 

Mary  Lester 

art  director  Terri  Haas 

ASSOCIATE  ART  DIRECTORS 

Matthew  Goebel,  Chandra  Tallman 

COPY  TEAM 

assistant  managing  editor  Emily  S.  Henderson 

SENIOR  COPY  EDITORS 

Diann  Daniel,  Cathy  Mallen 

EDITORIAL  ASSISTANTS 

Margaret  Locher,  Christopher  Lynch, 
Katherine  Walsh 

ONLINE  EDITORIAL 

WEB  EDITORS 

Sandy  Kendall,  Paul  L.  Kerstein 

ONLINE  NEWS  WRITER  Al  SaCCO 
online  copy  editor  David  Gradijan 

RESEARCH 

RESEARCH  DIRECTOR 

Lorraine  Cosgrove  Ware 

RESEARCH  MANAGER 

Carolyn  Johnson 


CXO'  MEDIA  INC. 


INTERNATIONAL  DATA  GROUP 
BOARD  CHAIRMAN  Patrick  J.  McGovern 
president,  IDG  communications  Bob  Carrigan 


#BPA 

■  ■  ■  ■  n  «■  i  n  k 


■  mmir 


©CXO  Media  Inc. 


WHAT  WE  COVER*  WHOM  TO  CONTACT 

CIO  CAREER 

ENTERPRISE 

■  Skills 

INFRASTRUCTURE 

■  Job  Specs 

■  Enterprise  Architecture,  SOA 

■  Career  Path 

■  Middleware 

■  Professional  Development 

■  Enterprise  Resource  Management  (ERP) 

■  Personal  Development 

■  Supply  Chain  Management  (SCM) 

Meridith  Levinson,  mlevinson@cio.com 

■  B2B  Electronic  Commerce 

Stephanie  Gelston,  sgelston@cio.com 

Christopher  Koch,  ckoch@cio.com 

Ben  Worthen,  bworthen@cio.com 

LEADERSHIP  &  MANAGEMENT 

■  Governance  &  Alignment 

CUSTOMERS 

■  Budget  Management  &  IT  Value 

■  Customer  Resource  Management  (CRM) 

■  Business  Process  Redesign 

■  B2C  Electronic  Commerce 

■  Management  Methodologies 

■  Business  Intelligence 

■  Project  Management 

Thomas  Wailgum,  twaiigum@cio.com 

Elana  Varon,  evaron@cio.com 

Susannah  Patton,  spatton@cio.com 

Christopher  Koch,  ckoch@cio.com 

1 

TECHNOLOGY 

SOURCING  AND  STAFFING 

■  Emerging  Technology 

■  Outsourcing/Insourcing 

■  Networking  &  Communications 

■  Staffing 

■  Data  Center 

■  Vendor  Management 

■  Storage 

■  Knowledge  Management 

■  Hardware 

Stephanie  Overby,  soverby@cio.com 

Christopher  Lindquist,  clindquist.@cio.com 

Stephanie  Gelston,  sgelston@cio.com 

Thomas  Wailgum,  twailgum@cio.com 

RISK  MANAGEMENT 

GOVERNMENT 

■  Security 

Allan  Holmes,  aholmes@cio.com 

■  Privacy 

■  Business  Continuity 

■  Compliance 

Ben  Worthen,  bworthen@cio.com 

Allan  Holmes,  aholmes@cio.com 

Susannah  Patton,  spatton@cio.com 

COLUMN  &  DEPARTMENT  CONTACTS 

I 

Applied  Insight 

Martha  Heller 

Christopher  Koch,  ckoch@cio.com 

Stephanie  Gelston,  sgelston@cio.com 

Book  Reviews 

Michael  Schrage 

Elana  Varon.  evaron@cio.com 

Abbie  Lundberg,  lundberg@cio.com 

By  the  Numbers 

On  the  Move 

Elana  Varon,  evaron@cio.com 

Meridith  Levinson,  mlevinson@cio.com 

Endlines 

Peer  to  Peer 

David  Rosenbaum,  drosenbaum@cio.com 

David  Rosenbaum,  drosenbaum@cio.com 

Essential  Technology 

Susan  Cramm 

Christopher  Lindquist,  clindquist@cio.com 

David  Rosenbaum,  drosenbaum@cio.com 

Forum 

Total  Leadership 

David  Rosenbaum,  drosenbaum@cio.com 

Elana  Varon,  evaron@cio.com 

In  Box 

Trendlines 

Cathy  Mallen,  cmalien@cio.com 

Elana  Varon,  evaron@cio.com 

Keynote 

Washington  Watch 

Abbie  Lundberg,  lundberg@cio.com 

Allan  Holmes,  aholmes@cio.com 

' 

Ben  Worthen,  bworthen@cio.com 

e-mail  letters@cio.com  phone  508  872-0080  fax  508  879-7784  address  CIO  Magazine,  CXO  Media  Inc., 
492  Old  Connecticut  Path,  P.O.  Box  9208,  Framingham,  MA  01701-9208  website  www.cio.com 
subscriber  services  866  354-1125  •  Fax  847  564-9453  •  E-mail  cio@omeda.com 
reprint  services  Jennifer  Eclipse  •  PARS  International  •  212  221-9595  ext.  237  •  E-mail  jeclipse@parsintl.com 
rights  and  permission  Yadira  Pizarro  •  212  221-9595  ext.  231  •  E-mail  yadira@parsintl.com 


12  JUNE  15,  2006  |  www.cio.com 


Copyright  2006  Apani  Networks,  Inc.  Apani  Networks,  EpiForce,  the  Apani  Networks  logo  design  and  the  "Apani  Picketers"  icons  are  registered  trademarks  of  Apani  Networks,  Inc.  All  rights  reserved. 


TRUE  OR  FALSE? 

YOUR  CAR  HAS  ADVANCED  SECURITY  AND  YOUR  DATA  DOESN'T. 


It's  smart  to  protect  the  things  you  care  about.  Ever  wonder  what  could  happen  if  your  company  suffered 
a  data  breach?  It  could  come  from  inside  or  outside.  The  results  could  be  devastating.  That's  why  there's 

TM  TM  .  , 

EpiForce  from  Apani  Networks  .  It's  built  from  the  ground  up  to  secure  data  inside  the  perimeter. 

\ 

Plus,  it's  highly  scalable  and  creates  continuous,  easy-to-access  audit  trails.  So,  you  can  lessen  the 
risk  of  a  breach  and  help  protect  something  that's  truly  valuable  -  your  future. 


Apani 


it 


To  learn  more  about  securing  inside  the  network  perimeter,  get  a  free  copy  of  "The  Definitive  Guide  to  Security  Inside 
the  Perimeter"  from  Realtimepublishers.  sponsored  by  Apani  Networks.  Go  to  www.apani.com/cioguide 


itA'inimisw- 


READER  FEEDBACK 


Neutrality  According  to...? 

Your  article  [“Who  Owns  the  Net?”  May 
1]  almost  totally  ignores  more  than  a  decade 
of  lessons  surrounding  federal  restraint 
and  the  Internet’s  success  in  an  effort  to 
support  federal  “neutrality”  regulations. 

Once  you  try  to  define  what  will  be  regu¬ 
lated,  unintended  consequences  will  surely 
result.  If  broadband  providers  are  made 
liable  in  court  for  the  way  their  pipes  carry 
digitized  information,  you’re  going  to  have 
Congress  and  FCC  regulators  writing  rules 
that  cover  the  basics  of  Internet  traffic. 

Do  we  really  think  the  Internet  will  benefit 
from  having  government  officials  write  rules 
on  caching,  colocation,  packet  prioritization 
and  reassembly,  and  the  like?  And  when 
these  rules  are  challenged  in  court  (meaning 
more  delays),  will  that  help  or  hurt  efforts  to 
improve  the  U.S.  broadband  deployment? 

Trying  to  guess  at  a  regulated  formula 
for  network  neutrality  that  would  protect 
the  public  interest  and  not  impede  innova¬ 
tion  is  on  par  with  picking  a  perfect  NCAA 
basketball  bracket. 

There’s  another  aspect  of  net  neutral¬ 
ity  that’s  even  more  problematic:  the  way 
it  mixes  two  separate  entities,  namely  the 
public  Internet  and  private  networks.  For 
20  years,  private  networks  have  been  help¬ 
ing  business,  government,  universities 
and  others  that  need  specialized  communi¬ 


cation.  There’s  nothing 
wrong  with  groups  that 
are  willing  to  pay  a  little 
extra  because  they  need 
a  specialized  service- 
think  of  UPS  versus  the 
Postal  Service. 

So  if  net  neutrality 
regulations  are  passed, 
would  federal  regulators 
have  to  write  separate 
rules  for  public  ver¬ 
sus  private  networks? 
Would  there  be  different  federal  rules  for 
low-bandwidth  IP  services  that  use  the 
public  Internet  and  high-bandwidth  ser¬ 
vices  that  don’t? 

Entire  forests  will  be  sacrificed  to  pro¬ 
duce  all  the  legal  and  technical  filings  that 
would  surround  these  and  other  neutrality 
questions.  In  my  view,  we’re  far  better  off 
continuing  on  the  sound  path  the  Clinton 
administration  established  and  letting  the 
technology  continue  to  evolve  unfettered. 
MIKEMcCURRY 

Cochair,  Hands  Off  the  Internet  Coalition 
www.handsoff.org 

Paying  for  a  higher  level  of  service  was 
a  matter  of  time.  This  reality  does  not 
bother  me.  The  knowledge  that  there  will 
be  problems  between  carriers  absolutely 
does.  This  happens  all  the  time  now  with 
BGP  peering  (the  routing  protocol  that 
runs  the  Internet)— one  carrier  will  block 
routes  from  another  carrier,  not  allowing 
it  to  cross  its  boundaries  unless  some  type 
of  agreement  is  made. 

So,  if  you  have  customers  originating 
from  the  blocked  carrier,  this  could  mean 
poor  response  or  a  fully  blocked  path  to 
your  services,  resulting  in  lost  sales.  If  one 
of  your  partners  is  blocked,  you  lose  pro¬ 
ductivity.  Either  way,  you’ll  lose  revenue 
while  paying  higher  connectivity  costs! 


The  worst  part  is  that  the  service-level 
agreement  your  provider  will  give  you  will 
absolutely  state  this  service  applies  only 
to  its  network,  not  any  other  provider’s. 
Anybody  who  does  business  that  crosses 
those  lines  will  feel  the  pain  without  any 
recourse  available. 

CHRIS  CELL 

Director,  Network  Engineering 
Toll  Brothers  Inc. 
chris@totlbrothersinc.com 

More  on  Toxic  Leaders 

With  regards  to  confronting  a  toxic 
leader,  [“Toxic!”  April  15]  I  would  do  so 
only  if  he  worked  for  me.  Toxic  leaders 
aren’t  likely  to  listen  to  anything  anyone 
“below”  them  would  have  to  say.  If  the 
environment  doesn’t  fit  with  your  values, 
then  it’s  time  to  move  on  before  you  wake 
up  one  morning  hating  yourself. 

JACK  BROOKS 

IT  Manager,  iStark  Inc. 

I  have  reported  to,  supervised,  coached 
and  sometimes  terminated  toxic  leaders 
at  various  levels  in  a  variety  of  organiza¬ 
tions.  Frequently  these  toxic  leaders  were 
a  hiring  mistake;  I  can  understand  that 
they  sometimes  get  through  recruiting 
checkpoints.  However,  the  bigger  issue  is 
those  in  senior  management  who  allow 
toxic  individuals  to  continue  in  their  roles 
rather  than  address  their  counterproduc¬ 
tive  behavior  effectively. 

RAMESH  BULUSU 

Managing  Partner,  Universal  Consulting 
universal_consuiting@yahoo.com 


What  Do  You  Think? 


Send  your  thoughts  and  feedback  to  letters@ 
cio.com.  Letters  may  be  edited  for  length  or 
clarity.  For  a  link  to  the  articles  mentioned,  go 

to  www.cio.  com/061506. 

cio.com 


14  JUNE  15,  2006  |  www.cio.com 


automation  &  control  •  building  technologies  •  energy  &  power  •  financial  services  •  hearing  solutions  •  home  appliances  • ' 
lighting  •  material  handling  •  medical  solutions  •  transportation  •  water  technologies 


Who  is  helping  to  improve  the  quality  of  patient  care  and  safety 

in  hospitals  throughout  the  nation? 

Innovations  from  Siemens  can  be  found  everywhere.  We  provide  US  hospitals 
with  the  tools  to  improve  patient  care,  while  helping  to  lower  costs  thanks  to 
our  “digital  hospital”  solutions.  And  we’re  working  with  numerous  healthcare  providers  to 
build  health  networks  that  connect  telecommunications,  IT,  medical  systems  and  building 
technologies  in  ways  never  before  accomplished.  This  means  less  waiting,  decreased  costs 
and  enhanced  care  for  patients.  At  Siemens,  our  innovations  help  turn  dreams  into  reality. 

SIEMENS 

Global  network  of  innovation 


We  are 


BOARD  OF  ADVISERS  '06 


CIO  wishes  to  acknowledge  the  2006  Editorial  Advisory  Board  members  for  their  ongoing 
guidance  and  reality  check  of  the  magazine’s  content  and  focus.  We  thank  them  for  their 
generosity  in  sharing  their  insight  into  the  world  of  IT  leadership. 


GREGOR  BAILAR 

CIO 

Capital  One 
Falls  Church,  Va. 

DOUG  BARKER 

CEO 

Barker  and  Scott  Consulting 
Washington,  D.C. 

WAYNE  D.  BENNETT 

Partner 
Bennett  Law 
Wellesley,  Mass. 

LARRY  BONFANTE 

CIO 

United  States  Tennis  Association 
White  Plains,  N.Y. 

DENNIS  CALLAHAN 

EVP  &  CIO 
The  Guardian  Life 
Insurance  Co. 

New  York  City 

SHEILA  DONAHOE 

CIO 

Bluegreen 
Boca  Raton,  Fla. 

MICHAEL  EARL 

Professor  of  Information 
Management,  Dean  of 
Templeton  College 
Oxford  University 
Oxford,  England 


PAUL  J.  GAFFNEY 

EVP,  Supply  Chain 
Staples 

Framingham,  Mass. 

ANDY  GEISSE 

CIO 
AT&T 
San  Antonio 

JOHN  GLASER 

VP  &  CIO 

Partners  Healthcare 
Boston 

SCOTT  HEINTZEMAN 

CIO 

Carlson  Marketing  Group 
Plymouth,  Minn. 

C.  LEE  JONES 

Chairman,  President 
&CEO 

Essential  Group 
Gurnee,  Ill. 

SUSAN  S.  KOZIK 

EVP  &  CTO 
TIAA-CREF 
New  York  City 

i  BUD  MATHAISEL 

Corporate  VP  &  CIO 
j  Solectron 
Milpitas,  Calif. 

i 

SHELEEN  QUISH 

Former  CIO 
|  U.S.Can 
Lombard,  Ill. 


j 

i 


REBECCA  R.  RHOADS 

CIO 

Raytheon 
Lexington,  Mass. 

LARAINE  RODGERS 

President 
The  LR  Group 
Scottsdale,  Ariz. 

JAMES  F.  SUTTER 

Senior  Partner 

The  Peer  Consulting  Group 

Newport  Beach,  Calif. 

RICHARD  W.  SWANBORG  JR. 

President 

ICEX 

Boston 

PATRICIA  WALLINGTON 

President 
CIO  Associates 
University  Park,  Fla. 

ROBERT  P.  WEIR 

VP,  Information  Services 
Northeastern  University 
Boston 

STEVE  WILLIAMS 

SVP&CIO 
Mattress  Giant 
Addison,  Texas 


j 


16 


JUNE  15,  2006  |  www.cio.com 


With  network  security,  if  you're  not  ahead  of  the  threat 

9  .  ‘Mn  n  nPi  nrr 

JVU  ,\s  v.,1"  •••  •• 


©2006  Internet  Security  Systems  incorporated.  All  rights  reserved  worldwide. 


How  do  you  ensure  compliance  and  manage  costs  when  your  security  is  less  than  certain?  Even  "zero-day"  solutions  aren't  fast 
enough  to  protect  against  losses  once  an  Internet  attack  hits.  The  alternative  is  preemptive  security  from  Internet  Security  Systems. 
Because  our  enterprise  solutions  are  based  on  the  world's  most  advanced  vulnerability  research,  only  ISS  can  can  offer  preemptive 
security  and  stop  threats  before  they  impact  your  business.  So  why  rely  on  "reaction"  when  security  can  be  a  sure  thing? 


Need  proof?  Get  a  free  whitepaper,  Preemptive  Security:  Changing  the  Rules,  at  www.iss.net/proof  or  call  800-776-2362. 


Internet  |  Security  |  Systems® 

Ahead  of  the  threat 


NETWORK  &  HOST  INTRUSION  PREVENTION 


MANAGED  SECURITY  SERVICES 


VULNERABILITY  MANAGEMENT 


Let  Internet  Security  Systems  stop 
network  threats  before  they  impact  your  business. 


INTELLIGENT 


Better  answers,  faster. 


ENTERPRISE  INTELLIGENCE  PLATFORM 

DATA  INTEGRATION 


INTELLIGENCE  STORAGE 


BUSINESS  INTELLIGENCE 


ANALYTICS 


Challenged  with  balancing  efforts  to  support  strategic  initiatives  while  still  lowering  operational 
costs?  SAS  takes  you  beyond  traditional  Bl  query  and  reporting  to  a  higher  level  of  shared 
decision  making  that  drives  innovation.  Our  fully  integrated  Enterprise  Intelligence  Platform  sets  the 
foundation,  linking  technologies  for  data  integration  and  storage,  reporting  and  analysis.  Proven 
software,  industry-specific  solutions  and  domain  experience  extend  the  value  of  your  investment. 
Bridging  the  gap  between  what  you  have  -  growing  expectations  to  deliver  a  return  on  investment 
-  and  what  you  want  to  achieve  -  increased  profits,  reduced  risk  and  improved  performance. 

Want  Proof?  Find  out  why  SAS  is  at  work  in  96  of  the  top  100  companies  on  the  FORTUNE 
Global  SOO"5  —  with  customer  retention  rates  exceeding  98%  annually  for  30  years. 

r  www.sas.com/innovation  •  Free  white  paper 


SAS  and  all  other  SAS  Institute  Inc.  product  or  service  names  are  registered  trademarks  or  trademarks  of  SAS  Institute  Inc.  in  the  USA  and  other  countries.  ®  indicates  USA  registration.  Other  brand  and  product  names  are  trademarks  of  their  respective 
companies.  ©  2006  SAS  Institute  Inc.  All  rights  reserved.  378042US.0406 


EDITED  BY  ELANA  VARON 


NEW  *  HOT  *  UNEXPECTED 


Tech  that 
Fuels  Ethanol 
Production 


energy  Ethanol  isn’t  new.  Henry 
Ford  originally  designed  the  Model  T 
to  run  on  the  corn-based  fuel,  which  cur¬ 
rently  accounts  for  roughly  3  percent  of 
the  nation’s  fuel  consumption.  Researchers 
at  the  University  of  California,  Berkeley,  say, 
however,  that  ethanol  could  replace  20 
percent  to  30  percent  of  fuel  usage  in 
the  United  States  in  just  a  few  years- 
in  part  through  cars  converted  to 
burn  a  mixture  of  ethanol  and  gas. 

And  so,  as  the  country  faces  the 
dual  dilemmas  of  oil  depen¬ 
dence  and  global  warming, 
leaders,  including  Presi- 


mmmummmwmmmmm 


mm 


dent  Bush,  are  touting  ethanol  as  a  possible 
fuel  of  the  future— and  ethanol  producers 
such  as  Tom  Branhan  are  turning  to  IT  to 
help  them  boost  production. 

Branhan  is  CEO  of  Glacial  Lakes  Energy, 
which  operates  an  ethanol  plant  in  Water- 
town,  S.D.  His  company  started  using 
predictive  control  software  from  Pavilion 
Technologies  about  a  year  ago  to  help  boost 
production  and  reduce  the  amount  of  natu¬ 
ral  gas  used  to  run  the  plant.  Since  then, 
the  company— which  converts  more  than 
17  million  bushels  of  corn  per  year  into 
50  million  gallons  of  ethanol— has 
increased  production  by  as  much  as 
10  percent  while  cutting  its  natural 
gas  usage  by  up  to  3  percent.  “Add¬ 
ing  computer  control  to  our  produc¬ 
tion  process  has  allowed  us  to  stay 
ahead  of  the  curve,”  Branhan  says. 
Even  though  the  basic 
technique  used  to  make  the 

Continued  on  Page  20 


Your  Web,  My  Web,  Our  Web 


internet  The  Internet’s 
impact  on  users’  lives  has  grown 
during  the  past  five  years,  but 
that  impact  is  greater  in  some 
areas  than  in  others,  according  to 
a  recent  survey  by  the  Pew  Inter¬ 
net  &  American  Life  Project. 

According  to  the  survey, 

35  percent  of  Internet  users  said 
being  online  has  greatly  improved 
their  ability  to  do  their  jobs,  up  from 
24  percent  in  March  2001.  The  job 
category  saw  a  lower  growth  rate 
than  other  areas. 

In  the  category  of  respondents' 


personal  lives,  the  growth  rate  was 
higher.  For  example,  33  percent 
reported  that  being  online  has 
greatly  improved  the  way  they  pur¬ 
sue  their  hobbies  and  interests,  up 
from  20  percent  five  years  ago. 

The  resources  and  services 
available  on  the  Web  have 
exploded  since  2001,  but  at  the 
same  time  it's  become  harder  to 
make  an  impression  on  users, 
says  Mary  Madden,  a  research 
specialist  at  Pew.  Also,  occasional 
users  may  not  know  about  things 
on  the  Internet  that  could  change 


the  way  they  live,  Mad¬ 
den  adds.  Daily  users 
are  much  more  likely  to 
report  that  being  online 
has  a  major  impact  on  the 
way  they  do  things. 

Internet  use  is  still  more 
common  among  wealthier 
people,  but  the  gap  is  nar¬ 
rowing,  Madden  says. 

“Much  of  the  growth  that 
has  occurred  in  the  past 
year  alone  has  come  from 
low-income  groups,”  she  says. 

-Stephen  Lawson 


ILLUSTRATION  TOP  BY  MATTHEW  GOEBEL;  BOTTOM  BY  CORBIS 


www.cio.com  |  JUNE  15,  2006  19 


TRENDLINES 


Iraq's  Virtual  Library 


'  ! 


research  A  group  of  U.S.  scientists,  with  help  from  Sun  Microsystems  and  the  U.S. 
government,  have  launched  an  online  library  containing  more  than  1  million  research  articles  for 
Iraqi  scientists  and  students. 

The  Iraqi  Virtual  Science  Library  (IVSL)  was  started  with  $362,000  from  the  U.S.  Department  of  State 
and  the  U.S.  Department  of  Defense.  According  to  project  organizers,  the  online  library  is  needed  because  for 
more  than  20  years,  Saddam  Hussein’s  regime  neglected  libraries  and  the  scientific  community.  Then, 
following  the  U.S.  invasion  of  Iraq  in  2003,  many  Iraqi  libraries  were  found  to  have  been  looted  and  destroyed. 

“The  Iraqis  began  with  nothing,"  says  Barret  Ripin,  senior  science  diplomacy  officer  for  the  U.S.  Department 
of  State.  “A  lot  of  the  holdings  that  they  did  have  were  destroyed  in  the  aftermath  of  the  war.” 

The  project  started  with  a  group  of  scientists  who  were  working  at  the  State  Department  or  DoD 
through  a  fellowship  program  of  the  American  Association  for  the  Advancement  of  Science.  The  group 
wanted  to  give  Iraqi  scientists  and  students  access  to  “top-tier”  research,  says  D.J.  Patil,  an  IVSL 
cofounder  and  researcher  at  the  University  of  Maryland. 

With  the  first  phase  of  IVSL  complete,  the  online  library  includes  access  to  more  than  17,000 
research  journals.  Some  publishers  donated  access,  while  others  offered  subscription  discounts,  says 
Susan  Cumberledge,  another  IVSL  cofounder  and  a  professor  of  biochemistry  and  molecular  biology 
at  the  University  of  Massachusetts.  Iraqi  scientists  and  students  can  sign  up  for  access  through  seven 
universities  and  one  research  institute  there,  and  more  schools  will  be  added,  Cumberledge  says. 

Sun  helped  the  IVSL  team  evaluate  the  Internet  connectivity  and  infrastructure  needed  for 
the  project.  In  the  next  phase,  Sun  will  help  Iraqi  universities  and  government  agencies  create  an 
open-source  Web  portal  that  the  universities  can  manage,  company  officials  say. 


-Grant  Gross 


WHAT'S  SCARIER 

INCOMPETENCE  OR  TERRORISM? 


SECURITY 

Ninety-one  percent  of 
companies  worry  that 
their  systems  or  data 
will  be  stolen,  misused 
or  damaged  by  an 
outsourcing  provider, 
while  only  48  percent 
fear  that  outsourcers 
will  be  threatened  by 
terrorism,  according 
to  a  survey  of  158  exec¬ 
utives  by  consultancy 
Booz  Allen  Hamilton. 


Among  the  study’s  other  findings: 

®are  willing  to  pay  a  premium  for 
improved  security. 


say  security  risks  are  higher  with  offshore 
’*i'T  than  with  U.S.-based  service  providers. 


support  some  type  of  federal  security  and 
!T  privacy  standards  for  outsourcers. 


consider  viruses,  spyware  and 
y  other  data  security  threats  to  be  top 
concerns  when  managing  or  evaluating 
outsourcing  relationships. 


Ethanol 

Continued  from  Page  19 

fuel— distilling  corn  to  make  alco¬ 
hol— hasn’t  changed  much  in  a 
century,  the  process  of  producing 
high-grade  ethanol  can  be  tricky, 
Branhan  points  out.  The  corn  is 
ground  up  and  cooked,  and  the 
resulting  starch  is  mixed  with  water 
to  form  a  mash.  By  adding  yeast,  the 
mash  is  fermented  and  then  pumped 
into  a  distillation  system  where  the 
manufacturing  process  is  completed. 
Throughout  the  process,  producers 
need  to  monitor  moisture  levels,  air 
flow  and  other  variables  such  as  the 
flow  of  natural  gas  that  powers  the 
plant’s  machinery. 

By  using  control  technology, 
ethanol  producers  can  more  effec¬ 
tively  monitor  these  variables  and 
make  data  visible  to  plant  opera¬ 
tors,  Branhan  says.  For  example,  the 
computerized  system  allows  Glacial 
Lakes’  plant  operators  to  more  closely 
analyze  the  amount  of  water  in  the 
ethanol.  They  can  then  take  steps  to 
maximize  the  water  content  in  the 
fuel,  enabling  greater  production. 

Predictive  control  technology  was 
first  used  in  oil  refineries  in  the  1970s 
and  is  now  used  in  petrochemical 
plants  as  well  as  power  plants  and 
paper  mills.  Tom  Fiske,  a  senior  ana¬ 
lyst  at  ARC  Advisory  Group,  says 
that  by  building  control  technology 
into  plans  for  new  ethanol  plants, 
producers  can  be  sure  that  they  will 
be  operating  efficiently. 

“The  ethanol  industry  is  still  young,” 
observes  David  Culver,  director  of  oper¬ 
ations  at  Glacial  Lakes.  And  greater 
automation,  Culver  adds,  will  help  this 
industry  face  growing  demand  for  its 
product.  -Susannah  Patton 


20  JUNE  15,  2006  |  www.cio.com 


PHOTO  BY  ISTOCKPHOTO.COM 


INNOVATIONS  IN 


Florida  Guardian  ad  Litem  Saw  the  Future  of  Child  Advocacy. 

Citrix  Provided  Access. 


“Custody  rulings.  Foster  care.  Adoptions.  Our  founding  vision  was  to  give  every  abused 
and  neglected  child  in  Florida  a  strong  advocate  in  court.  Two  years  later,  we’re  well  on 
our  way.  Today,  program  staff,  attorneys  and  over  5,000  volunteers  represent  more 
than  27,000  children.  Instead  of  information  in  file  drawers  scattered  all  over  the  state, 
Citrix  software  gives  advocates  secure  access  to  our  case  management  system  from 
anywhere.  Resources  are  precious,  so  we  must  apply  them  wisely,  not  waste  time 
chasing  data.  These  kids  depend  on  us.  That’s  why  we're  depending  on  Citrix  to  take 
us  the  rest  of  the  way  to  advocate  every  Florida  child  in  need.  ” 

JOHNNY  C.  WHITE 

CIO 

Florida  Guardian  ad  Litem  Program 


_ I 


Access  your  future  today  at 
citrix.com. 


©2006  Citrix  Systems,  Inc,  All  rights  reserved.  Citrix®  is  a  trademark  of  Citrix  Systems,  Inc. 
and/or  one  or  more  of  its  subsidiaries,  and  may  be  registered  in  the  United  States  Patent 
and  Trademark  Office  and  in  other  countries.  All  other  trademarks’  and  registered 
trademarks  are  the  property  of  their  respective  owners. 


CITRIX 


TRENDLINES 


RFID 

Rules 


privacy  Companies  using  radio 
frequency  identification  (RFID)  tags 
on  products  should  always  tell  their 
customers  and  make  sure  they  know 
whether  they  can  deactivate  the  tags, 
according  to  a  set  of  best  practices  for 
RFID  deployment  proposed  by  a  group 
of  IT  vendors.  RFID  users  and  con¬ 
sumer  advocates. 

"There  should  be  no  secret  RFID 
tags  or  readers."  according  to  a  draft 
report  by  the  Center  for  Democracy 
and  Technology  (CDT)  Working 
Group  on  RFID.  Members  of  the  group 
include  Cisco.  IBM,  Intel,  the  National 
Consumers  League.  Procter  &  Gam¬ 
ble  and  VeriSign. 

The  report  adds  that,  by  itself,  con¬ 
sumer  notification  does  not  mitigate  all 
privacy  concerns.  Companies  collect¬ 
ing  personally  identifying  information 
through  RFID  tags  should  tell  custom¬ 
ers  how  that  data  will  be  used.  And  if 
customers  can  opt  out  of  sharing  that 
information,  or  can  destroy  the  tags, 
those  options  must  be  readily  available, 
the  report  says. 

“The  document  draws  from  widely 
accepted  and  traditional  principles 
of  fair  information  practices,"  says 
Paula  Bruening,  staff  counsel  at  CDT, 
a  privacy  and  civil  liberties  advocacy 
group.  It  offers  concrete  guidance  for 
companies  that  want  to  deploy  RFID 
in  a  way  that  respects  privacy,  but  also 
recognizes  the  need  for  technological 
flexibility,  she  adds. 

The  expanding  use  of  RFID, 
embraced  by  large  retailers  such 
as  Wal-Mart  and  Target,  has 
raised  concerns  about  privacy. 
Because  scanners  can  read 
RFID  chips  from  a  short  dis¬ 
tance.  privacy  advocates  worry 
that  the  technology  could  even¬ 
tually  be  used  to  track  people's 
movements  and  purchases. 

-Grant  Gross 


washingtonwatch 


When  East 
Meets  West  on 
IP  Rights 

When  Chinese  President  Hujintao 
met  with  President  Bush  in  April,  he 
assured  Bush  that  China,  long  known 
as  a  nation  that  does  not  respect  intel¬ 
lectual  property  rights,  was  taking 
steps  to  protect  the  IP  of  U.S.  compa¬ 
nies.  But  the  reality  is  that  not  much 
may  happen  for  years  due  to  the  frag¬ 
mented  Chinese  business  culture. 

“We  talk  of  China  as  though  it  is 
one  monolithic  entity,”  says  Steven 
Henry,  a  lawyer  at  Wolf  Greenfield 
and  Sacks.  “It  may  be  centrally 
governed,  but  when  it  comes  to  IP 
enforcement,  it  is  not  one  country.” 

China’s  government,  companies 
and  citizens  all  benefit  from  an 
economy  that  ignores  intellectual 
property  rights.  Small  businesses  that 
specialize  in  counterfeit  goods  operate 
in  the  open.  The  Beijing  government 
could  shut  them  down,  but  it  doesn’t 
because  the  black  mar¬ 
ket  creates  jobs  and 


Y  ALLAN  HOLM 


allows  people  to  buy  products  such 
as  movies  that  they  otherwise  could 
not  afford. 

Meanwhile,  many  Chinese  compa¬ 
nies  ignore  IP  to  avoid  paying  hefty 
royalties  to  Western  companies, 
says  Henry.  In  response,  the  Beijing 
government  is  encouraging  develop¬ 
ment  of  domestic  standards,  such  as 
TD-SCDMA,  a  wireless  standard, 
and  AVS,  a  video-compression  rival 
to  .mpeg.  Gao  Wen,  chairman  of  the 
audio-video  coding  standard  working 
group  in  China,  says  that  China  will 
charge  companies  that  use  its  stan¬ 
dards  up  to  20  times  less  than  what  IP 
owners  in  the  West  charge. 

Henry  says  that  it  may  take  a  gen¬ 
eration  or  more  before  China  abides 
by  Western  IP  rules  because  that’s 
how  long  it  will  take  Chinese  compa¬ 
nies  to  develop  a  critical  mass  of  IP  of 
their  own  so  that  protecting  it  will  be 
in  their  financial  interest.  If  your  com¬ 
pany  cannot  wait  that  long  to  jump 
into  the  Chinese  market,  but  you 
still  are  concerned  about  how  your 
company  might  protect  its  IP,  you 
may  want  to  emulate  what  Warner 
Brothers  did.  Last  fall,  the  media  com¬ 
pany  created  a  partnership  with  the 
state-owned  China  Film  Group  and 
the  privately  run  Hengdian  Group 
to  develop  Chinese-language  films. 
According  to  some  Beijing  DVD  shop¬ 
pers,  it  is  now  harder  to  find  movies 
produced  by  Warner  Brothers  on  the 
black  market. 

Henry  says  this  example  illus¬ 
trates  the  importance  of  build¬ 
ing  relationships  with  Chinese 
partners  and  understanding 
“what  their  motives  are  and 
what  their  ethics  are.”  For  now, 
he  concludes,  “the  relationship 
may  be  more  important  than 
the  law.”  -Ben  Worthen 


22  JUNE  15,  2006  |  www.cio.com 


PHOTO  BY  AP/WIDE  WORLD  PHOTOS 


THE  ESSENTIAL  ELEMENTS  OF 


IT  GOVERNANCE 


Even  the  most  effective  strategy  and  leadership  need  the  right  data  to  support  them.  Compuware  Changepoint 
provides  the fundamental  components for  better  decision-making.  While  Changepoint  automates  key  organizational 
processes,  you  get  an  integrated  dashboard  view  of  IT  costs,  effort  and  value  with  the  power  to  drill  down  for 
details.  Hard facts  delivered  on  demand — now  that’s  putting  true  IT  insight  in  the  palm  of  your  hand. 


(  )  Compuware 

(£)  Changepoint* 


Discover  the  “Total  Economic  Impact”  of  implementing  IT  Governance. 

Download  the  latest  Compuware-commissioned  case  study  conducted  by 
Forrester  Consulting  at  www.compuware.com/Changepoint/ROI3.  Or,  visit 
us  at  http://www.compuware.com/it-governance/. 


COMPUWARE. 


Outfoxing  Bill  Gates 


owners  of  the  referring  website  will  get  the  referral 
fee  if  they  have  signed  up  for  Google  AdSense. 

There  are  three  types  of  alerts  site  owners 
can  put  on  their  page:  “gentle  encouragement," 
“semiserious"  or  "dead  serious." 

If  a  website  owner  chooses  "gentle  encourage¬ 
ment,"  visitors  who  are  using  IE  will  see  a  banner 
across  the  top  of  the  page  that  encourages  them  to 
download  Firefox.  A  "semiserious”  site  will  put  up 
a  splash  page  with  a  link  for  downloading  Mozilla's 
browser.  Those  who  choose  the  “dead  serious" 
rating  block  users  with  IE  from  viewing  their  pages 
unless  the  users  install  Firefox. 

The  group  also  has  launched  a  tongue-in-cheek 
website  (www.killbillsbrowser.com)  that  parodies 
I E  and  provides  reasons  (many  of  them  off-color) 
why  users  should  switch  to  Firefox.  Among  them: 

"It  will  make  Bill  Gates  soooooooooo  mad.”  The 
site  also  refers  to  the  difficulties  users  sometimes 
encounter  when  using  IE  and  problems  developers 
have  making  websites  IE  compatible. 

-Elizabeth  Montalbano 


open  source  A  group  of  self-styled  "politi¬ 
cal.  activists”  has  started  campaigning  for  browser 
users  to  switch  from  Microsoft  Internet  Explorer 
(IE)  to  Mozilla  Firefox. 

The  campaign,  called  Explorer  Destroyer,  takes 
advantage  of  a  new  program  by  Google  to  pay  users 
of  its  AdSense  service  a  dollar  for  each  referral  to 
Firefox  made  through  Google  Toolbar,  according  to  the 
group’s  website  ( www.explorerdestroyer.com ). 
AdSense  enables  Web  publishers  to  earn  money 
by  displaying  ads  on  their  websites  that  are 
,J  served  by  Google. 

Explorer  Destroyer  exhorts  visitors:  "You 
/  already  want  people  to  switch  to  Firefox.  Now's 
t  the  time  to  get  serious  about  it."  According  to 
Mozilla,  Firefox  accounts  for  10  percent  of  the 
browsers  in  use  in  the  United  States. 

Explorer  Destroyer  offers  website  owners  script¬ 
ing  technology  that  will  detect  if  a  visitor  is  running  IE. 
If  so,  an  alert  will  appear  directing  the  visitor  to 
download  Firefox  in  order  to  either  view  the  site  bet¬ 
ter  or  see  it  at  all.  If  the  visitor  downloads  Firefox,  the 


Why  Technology  Fails 

A  skeptical  view  of  new  technology 


H 


Coburn 


Function 


*^P  **tkhjo 


book  review  Most  business 
books  have  one  big  idea  that  the  author 
draws  out  for  200  pages.  Usually  the 
idea  can  be  explained  in  a  review,  and  the 
book  itself,  colored  with  vague  examples, 
is  best  to  skim. 

Pip  Coburn’s  The  Change  Function: 
Why  Some  Technologies  Take  Off  and 
Others  Crash  and  Burn  is  different.  Yes, 
he  has  a  big  idea— that  you  can  predict 
which  technologies  will  succeed  or  fail 
by  applying  a  simple  formula— and  this 
idea  is  covered  in  the  first  10  pages.  (And 
yes,  you’ll  understand  the  idea  by  the 
end  of  this  review.)  But  what  sets  this 
book  apart  from  so  many  others  is  that 
the  rest  of  it  is  worth  reading.  Coburn 
fills  his  book  with  detailed  case  stud¬ 
ies,  gleaned  from  his  years  as  managing 


director  of  the  technology  group 
at  UBS  Investment  Research, 
that  illustrate  his  formula.  And 
thanks  to  the  detail,  the  cases 
actually  teach  you  something. 

The  core  of  Coburn’s  formula  is 
that  a  new  technology  should  be 
widely  adopted  only  if  it  meets  two  criteria. 
First,  it  has  to  address  a  problem,  and  sec¬ 
ond,  that  problem  has  to  be  more  painful 
than  the  perceived  pain  of  adopting  the 
new  technology.  “We  need  to  balance  our 
wonderment  at  technology’s  role  in  creat¬ 
ing  nirvana  with  a  skepticism  about  busi¬ 
ness  models,”  writes  Coburn,  now  head 
of  his  own  investment  company,  Cobum 
Ventures.  The  picture-phone,  for  example, 
which  AT&T  pushed  from  the  1960s  to  the 
1980s,  failed  because  the  need  to  see  the 


The  Change  Function:  Why  Some 
Technologies  Take  Off  and  Others 
Crash  and  Burn 

By  Pip  Coburn 
Portfolio,  2006,  $24.95 


person  you’re  talking  to  isn’t  a  big  enough 
problem  to  justify  buying  and  learning  how 
to  use  an  expensive  new  phone  system. 

That’s  a  lesson  that  should  hit  home 
for  CIOs.  Applying  Coburn’s  insight, 
CIOs  should  force  IT  projects  through 
a  gauntlet  of  questions,  asking  not  only 
if  a  particular  technology  will  solve  a 
problem  but  also  whether  that  problem 
is  one  users  are  desperate  enough  to 
have  them  do  something  about. 

-Ben  Worthen 


24  JUNE  15,  2006  |  www.cio.com 


no 


iscussion 


non  company, 

talk. 


McKesson,  June  19. 


Randy  Spratt,  CIO 


hange  artists 


On  June  19  at  10:30  a.m.  EDI,  catch  a  live,  interactive  30-minute  conversation  with  McKesson 
CEO  John  Hammergren  and  CIO  Randy  Spratt.  It’s  a  dynamic  webcast  on  strategy, 
technology  and  change,  moderated  by  IT  journalist  John  Gallant,  Produced  by  HP  and 
broadcast  by  CNN  and  CIO  magazine.  Sign  up  now  at  hp.com/go/changeartists 


Find  out  how  McKesson  Corporation 
employs  IT  as  a  strategy  to  guide  the  future 
of  this  global  healthcare  services  company. 

CEOs  and  CIOs  who  create  opportunity  are  change  artists.  “Change  Artists” 
is  a  live  Web  series  that  explores  how  they  do  it. 

On  June  19  at  10:30  a.m.  EDT,  we  feature  CEO  John  Hammergren  and 
CIO  Randy  Spratt  of  healthcare  services  giant  McKesson. 


Number  16  on  the  Fortune  500®and 
an  $80  billion  company,  McKesson 
Corporation  is  the  world’s  leading 
provider  of  healthcare  services. 
McKesson  uses  smart  technologies 
to  help  make  the  delivery  of 
healthcare  safer,  more  efficient 
and  less  expensive. 

Join  CEO  John  Hammergren  and 
CIO  Randy  Spratt  as  they  share  how 
IT  has  evolved  from  a  resource  to 
a  central  strategy  for  the  company. 
They’ll  relate  ways  they’ve  brought 
focus  to  the  company  internally  and 
applied  those  lessons  to  help  their 
customers  advance. 

They’ll  also  answer  your  questions  live. 

But  “Change  Artists”  goes  beyond  the 
CEO/CIO  conversation.  It’s  a  program 


designed  to  help  you  manage— and 
master— change. 

Log  on  to  hp.com/go/changeartists. 
You’ll  find  practical  ideas  from 
CIO  magazine.  Interactive  tools  that 
reveal  areas  of  change  in  your 
company,  designed  by  HR  As  well 
as  revealing  case  studies  on  Fortune 
500  companies. 

And,  of  course,  you’ll  get  the  latest 
thinking  on  key  issues  raised  during 
the  “Change  Artists”  program.  For 
example,  IT  consolidation. 

Consolidation  is  undergoing  dramatic 
change.  It’s  not  just  about  cost  savings, 
it’s  about  increasing  business  value. 

The  “Change  Artists”  website  currently 
provides  a  detailed  overview  of  IT 


consolidation,  and  reviews  the  key 
elements  of  a  consolidation  program. 

You’ll  learn  about  companies  that 
have  moved  from  IT  as  a  cost  center 
to  IT  as  a  driver  of  business  value. 

“Change  Artists”  taps  into  executive 
insight,  industry  analysis,  and 
the  unique  perspective  of  global 
business  and  technology  leaders. 

The  goal:  to  help  inspire  your  own 
transformation  journey. 

Everyone  talks  about  change. 
“Change  Artists”  will  make  you  a 
leader  in  that  conversation. 

Get  started  at 
hp.com/go/changeartists 


Produced  by:  Broadcast  by: 


m  CM  ms 


invent 


change  artists 


©2006  Hewlett-Pbckard  Development  Company,  L.R 


A.  Duie  Pyle 
Advanced  Health  Media 
Aflac 

Afloat  Training  Group 
AIG  Domestic  Brokerage  Group 
Air  Force  Reserve  Command,  H.Q. 
Alere  Medical 
APL  Logistics 
Applera 
Atmos  Energy 
Austin  Energy 
Ball  State  University 
Baptist  Health  South  Florida 
Berlin  Packaging 
Broward  County  Office  of 
Information  Technology 
BT  Group 

Capital  One  Financial 

Case  Western  Reserve  University 

CompuCredit 

ConocoPhillips  Refining  and  Marketing 
Con-Way 

Cooper  Communities 
CSX  Technology 
Defense  Logistics  Agency 
Dell 

Deutsche  Bank  Securities 
Discover  Financial  Services 
Drexel  University 
Dunham  and  Smith  Agencies 
E*TRADE  Financial 
Echostar  Satellite 
Fairfax  County  Public  Schools 
Federal  Financial  Institutions 
Examination  Council 
FedEx  Ground  Package  System 
Foley  &  Lardner 
General  Motors 

Goodwill  Industries  International 
The  Goodyear  Tire  &  Rubber  Co. 

Great  American  Financial  Resources 


Harrahs  Entertainment 
Hess 

Highmark 

Hitachi  Global  Storage  Technologies 

Hygeia 

ING  Group 

Intel 

International  Training  and  Exchange 
International  Truck  and  Engine 
Iowa  Department  of 

Administrative  Services 
JEA 

King  County 

KnowledgeBase  Marketing 
Lance  Armstrong  Foundation 
Lifespan 
Litle&Co. 

Lord,  Abbett&Co. 

Marriott  International 
MediSend  International 
MoneyGram  International 
Monsanto 

Nanyang  Polytechnic 
Network  Services  Co. 

Nexsen  Pruet  Adams  Kleemeier 

Nielsen  Media  Research 

NOAA  Undersea  Research  Center 

Northrop  Grumman 

Oakland  County  Michigan 

Ochsner  Clinic  Foundation 

The  Ohio  State  University  Medical  Center 

Oregon  State  University 

Panasonic  Automotive  Systems  Co. 

of  America 
Partners  Healthcare 
Pfizer 

Pierce  County 
Pitt  County 

PNC  Financial  Services  Group 
The  Procter  &  Gamble  Co. 

Quicken  Loans 


Royal  Bank  of  Canada 
Russell  Investment  Group 
Sarasota  County  Government 
Shell  Vacations 
SIRVA 

Society  of  Worldwide  Interbank 
Financial  Telecommunication 
Southern  Co. 

SRL  Ranbaxy 
Taleo 

Trico  Products 
United  Parcel  Service 
United  States  Marine  Corps 
Systems  Command 
University  of  Chicago  Hospitals 
University  of  Missouri  -  Rolla 
University  of  Rochester 
The  University  of  Texas  M.  D.  Anderson 
Cancer  Center 
Vanguard 

Wake  Forest  University 
Washington  Metropolitan  Area  Transit 
Authority 

Washtenaw  County 
Wells  Fargo  Wholesale  Internet 
&  Treasury  Solutions 
YRC  Worldwide 


Presented  by 


Business 

Technology 

Leadership 


Proudly  underwritten  by 


Sybase 


□  CAN  WE  RELY  ON  IT 


■■P  2006  Microsoft  Corporation.  All  rights  reserved.  Microsoft,  the  Windows  logo,  and  Windows  Server  are  either  registered  trademarks 
Corporation  in  .*e;United  States  and/or  other  countries.  The  names  of  actual  companies  and  products  mentioned  twin  mav  be  the  trademar 


or  trademarks  of  Microsoft 
ks  of  their  respective  owners. 


Microsoft 


efGET  the  facts. 

A  YANKEE  GROUP  STUDY  SHOWS  MIDSIZE  COMPANIES  BET 
THEIR  BUSINESS  ON  WINDOWS  SERVER™ OVER  LINUX. 

"The  allure  of  free  software  excites  small-to-midsize  businesses.  But  after  some  basic 
investigation  they  conclude  the  risks  and  costs  of  managing  Linux  environments,  plus 
the  lack  of  trained  IT  resources,  focused  applications,  and  channel  support  increase 
their  business  and  financial  risks."  -Yankee  Group 

For  these  and  other  third  party  findings,  go  to  microsoft.com/getthefacts 


tk  j.  Windows  Server  2003 


TRENDLINES 


Room  to  Improve 
IT’s  Moves 

AtsmallercompaniesJTisbestat 
meetingtactical  goals 


I.T.  DECISION-MAKERS 

at  small  and  mid-market  com¬ 
panies  think  the  IT  shop  is  best 
at  supporting  tactical  efforts 
such  as  improving  efficiency, 
but  they  reported  that  IT  falls 
short  when  it  comes  to  innova¬ 
tion  and  other  strategic  contri¬ 
butions,  according  to  a  survey 
by  Forrester  Research. 

But  there's  room  for 
improvement  even  in  areas 
that  executives  think  IT  is 
good  at.  For  example,  only  38 
percent  of  the  540  executives 
surveyed  think  that  IT  is  great 
at  improving  workforce  pro¬ 
ductivity.  More  respondents— 
46  percent— said  this  is  some¬ 
thing  IT  is  only  somewhat  good 
at.  Similarly,  only  34  percent 


said  their  IT  departments  were 
great  at  lowering  company 
operating  costs. 

Even  fewer  execs  think  IT  is 
great  at  making  strategic  con¬ 
tributions.  A  mere  21  percent 
said  that  IT  excels  at  revamp¬ 
ing  core  business  processes. 

The  decision-makers 
surveyed  included  both  IT 


executives  and  business  lead¬ 
ers  such  as  CEOs  and  CFOs. 
Michael  Speyer,  the  Forrester 
senior  analyst  who  led  the 
study,  notes  that  the  IT  execs 
gave  themselves  better  marks 
at  cost-cutting  and  improving 
productivity  than  non-IT  execs 
gave  IT.  Speyer  says  the  ratings 
are  based  on  respondents' 
perceptions  of  IT,  and  he  thinks 
the  differences  of  opinion  sug¬ 
gest  the  need  for  a  common 
language  shared  by  IT  and 
the  rest  of  the  business  when 
evaluating  IT's  performance. 

As  for  why  IT  isn’t  better 
at  contributing  to  strategic 
efforts,  Speyer  points  out  that 
IT  has  had  20  years  of  prac¬ 
tice  supporting  such  areas 
as  improving  efficiency,  but 
only  in  some  companies  has 
IT  been  asked  to  contribute  to 
core  business  transformation. 
For  example,  in  retail,  enabling 
employees  to  go  online  to  find 
the  location  of  an  out-of-stock 
item  or  allowing  customers  to 
order  on  the  Web  and  pick  up 
the  item  in  a  store  are  business 


What  IT  Organizations  Do  Best 


Technology  decision-makers  rate  how  well  IT  supports  business  objectives 


How  much  IT  contributes 


GOAL 

A  LITTLE/ 
NOT  AT  ALL 

SOMEWHAT 

TO  A  GREAT 
EXTENT 

Improving  productivity 

17% 

46% 

38% 

Improving  products  or  processes 

23% 

39% 

38% 

Lowering  costs 

27% 

38% 

34% 

Managing  customer  relationships 

31% 

36% 

34% 

Acquiring  and  retaining  customers 

35% 

33% 

32% 

Driving  innovative  new  products,  services  or  business  practices 

39% 

36% 

25% 

Reengineering  core  business  processes 

41% 

38% 

21% 

Note:  Percentages  may  not  total  100  due  to  rounding. 


innovations  that  aren't  pos¬ 
sible  without  IT.  But  in  general, 
Speyer  says,  IT  execs  have  not 
been  called  upon  to  help  brain¬ 
storm  new  business  models, 
and  so  supporting  innovation 
can  be  outside  the  comfort 
zone  of  many  IT  shops. 


Best 

Practices: 

4  *1  Create  shared 
JLJ  metrics.  Speyer 
says  objective  measure¬ 
ments  that  both  IT  execs 
and  non-IT  execs  can  use 
to  discuss  how  well  IT  is 
doing  can  help  close  gaps 
in  how  IT’s  performance 
is  perceived. 

aI  Make  more 
fc- J  time.  Create 
opportunities  to  work 
on  strategic  initiatives 
by  streamlining  IT 
operations.  For  example, 
consolidating  servers 
using  automated  data 
center  management  tools 
makes  data  center  man¬ 
agement  easier  and  frees 
up  IT  staff  for  other  activi¬ 
ties— like  learning  about 
the  business. 

a"|  Speak  the  CEO's 
O  J  language.  IT 

must  figure  out  how  to 
translate  business  goals 
into  IT  goals.  To  do  so, 
the  CIO  must  learn  the 
language  of  the  busi¬ 
ness  and  understand  its 
processes.  Compared 
with  their  counterparts  in 
large  companies,  CIOs  at 
smaller  companies  may 
find  it  easier  to  get  close  to 
the  action. 


28  JUNE  15,  2006  |  www.cio.com 


PHOTO  BY  CORBIS 


ur  employees, 
tour  ent 


prise 

Now  on  the 
same  page. 

Literally. 


..  -  •  :■ ■- 


:  -V-"  - 


Introducing  Duef 

for  Microsoft  Office  and  SAP. 

Microsoft  and  SAP  have  come  together  in  an  unprecedented  alliance  to  put  the  power  of  SAP  applications  at 
the  fingertips  of  Microsoft  Office  users.  Duet  lets  employees  access  and  interact  with  key  SAP  business  processes 
while  in  their  familiar  Microsoft  Office  environment.  It  was  designed  to  help  boost  productivity  and  increase  policy 
compliance  —  without  additional  training.  Go  online  today  to  view  a  demo  at  duet.com 


Microsoft 


©2006  Microsoft  Corporation.  Microsoft  is  a  registered  trademark  of  Microsoft  Corporation  in  the  United  States  and/or  other  countries.  ©2006  SAP  AG.  SAP  and  the  SAP  logo  are  trademarks  and  registered  trademarks  of  SAP  AG  in  Germany  and  several  other  countries. 


lose  money 


lose  customers 


WHEN  SERVING  YOUR  CUSTOMERS 


WHATEVER  CHOICE  YOU  MAKE,  YOU’RE  TOAST. 


You  know  that  the  only  way  to  succeed  is  by  serving  your 
customers  better.  But  what  organization  can  afford  to 
throw  endless  dollars  at  improving  the  customer 
experience?  With  RightNow,  you  don’t  have  to  make  a 
deal  with  the  devil. 

RightNow  provides  a  breakthrough  solution  that  lets  you 
enhance  your  customer  experience  while  reducing  costs. 
By  delivering  knowledge  at  every  customer  touchpoint, 
RightNow  helps  you  grow  your  business,  one  customer 


experience  at  a  time.  We’ve  enabled  more  than  a  billion 
successful  customer  interactions  for  our  clients  in  every 
major  industry.  Chances  are,  we  can  help  you,  too. 

Find  out  why  RightNow  leads 
in  client  satisfaction.  Download 
your  free  executive  summary  of 
CRMGuru’s  Solutions  Guide  at 
www.rightnow.com/toast  or  call 
us  toll-free  at  1.877.363.5678. 


TECHNOLOGIES 


ESSENTIAL 


FROM  INCEPTION  TO  IMPLEMENTATION -I. T.  THAT  MATTERS 


Done  well, 
consolidation  and 
virtualization  can 
cut  computing 
costs  while 
improving 
performance 


Those  Incredible 
Shrinking  Servers 

BY  CHRISTOPHER  LINDQUIST 

DATA  CENTERS  |  You  may  be  installing  virtualization  tools  so  that  one  server  can  do 
the  job  of  five.  You  might  be  using  configuration  management  tools  to  swap  applications 
from  one  machine  to  another,  depending  on  load.  You  may  simply  be  looking  to  retire  old 
hardware  in  order  to  run  apps  on  new,  more  energy-efficient  multicore  systems.  But  no 
matter  what  your  strategy,  your  goals  or  your  tactics,  you  still  have  a  problem.  How  the 
heck  do  you  even  know  what’s  out  there  to  consolidate? 

In  large,  dispersed  environments,  identifying  consolidation  opportunities  can  be  a 
time-consuming  job,  requiring  the  combined  efforts  of  engineers  and  systems  architects 
working  with  everything  from  asset  management  tools  to  network  discovery  applications, 
to  performance  monitoring  utilities,  to  homegrown  spreadsheets,  to  big,  old-fashioned 
whiteboards  in  order  to  determine  what  pieces  of  your  hardware  and  software  infra¬ 
structure  might  be  better  off  someplace  else. 

But  a  new  segment  of  products— sometimes  called  data  center  intelligence  or  consoli¬ 
dation  management  tools— are  promising  to  help  you  automate  the  consolidation  process, 


ILLUSTRATION  BY  ANASTASIA  VASILAKIS 


www.cio.com  |  JUNE  15,  2006 


3  1 


essential  technology 


freeing  up  the  time  of  some  of  your  most 
valuable  employees  while  simultaneously 
providing  the  hard  numbers  you  may  need 
to  justify  a  consolidation  project.  And  while 
these  tools  now  come  primarily  from 
smaller  vendors,  the  big  guys  are  gearing 
up  to  include  these  functions  in  their  own 
business  systems  management  suites. 

Here’s  the  hot  news  from  the  consolida¬ 
tion  front. 

A  Consolidation  Tale 

Bell  Mobility,  one  of  the  largest  mobile 
phone  service  providers  in  Canada,  had  a 
problem.  More  accurately,  it  had  one  prob¬ 
lem  (or  crash)  after  another.  Recovering 
some  critical  systems  could  take  hours,  dis¬ 
rupting  services  and  costing  the  company 
serious  money— $2.1  million  per  day  for 
one  system  alone.  So  in  2005  Bell  Mobility 
launched  a  study  to  find  a  way  to  speed  dis¬ 
aster  recovery.  One  of  the  recommenda¬ 
tions  that  emerged  was  to  consolidate 
applications  and  servers  in  order  to  cen¬ 
tralize  recovery  efforts,  with  the  hoped-for 
side  effect  of  improving  server  utilization. 

At  the  beginning  of  the  study,  Bell 
brought  in  a  consultancy  to  evaluate  its 
operations  and  offer  suggestions  for  where 
consolidation  made  sense.  Michel  Trem¬ 
blay,  manager  for  OSS  network  engineering 


at  Bell  Mobility,  thinks  that’s  a  good  way 
to  go.  “If  you  support  those  systems,  it’s 
hard  to  say,  I’m  going  to  cut  off  my  system 
by  so  much  percent,”  he  says.  It’s  more 
likely,  according  to  Tremblay,  that  an  inter¬ 
nal  IT  staff  with  relationships  to  the  sys¬ 
tems  might  be  tempted  to  say,  It’s  working, 
so  why  should  I  do  this? 

Disaster  recovery  benefits  aside,  estimates 


showed  that  if  the  company  could  consoli¬ 
date  its  server  pool  by  25  percent  (its  goal  for 
2006),  it  would  save  $1.5  million  in  hard¬ 
ware  replacement  expenses  over  the  next 
two  years— even  without  including  ongoing 
support  costs  for  the  systems  that  would  no 
longer  exist.  Numbers  like  those  put  Bell  on 
a  path  to  find  a  tool  that  could  help  it  identify 
which  systems  were  ripe  for  consolidation. 
Capacity  analysis  and  asset  management 
tools  could  do  part  of  the  job,  but  Bell  found 
a  product  from  a  small  vendor  that  seemed 
to  address  the  heart  of  the  issue. 

Tool  Talk 

Bell  originally  had  used  startup  Cirba’s  Data 
Center  Intelligence  tool  purely  for  auditing 
purposes.  But  Cirba  believed  its  tool  could 
also  do  capacity  planning  and  analysis. 
“They  took  it  away  and  came  back  with  a 
quick  tool  that  could  do  just  that,”  says  Bell 
Senior  Systems  Analyst  Lou  Sachin. 

Cirba  claimed  that  its  new  tools  could 
provide  data  center  intelligence:  detailed 
reporting  of  asset  utilization  in  the  data  cen¬ 
ter  combined  with  cross-referenced  infor¬ 
mation  about  what  systems  could  be 
consolidated  based  on  factors  such  as  a 
server’s  operating  system  version,  its  uti¬ 
lization  percentage,  its  available  memory,  or 
seemingly  trivial  but  often  critical  details 


such  as  the  time  zone  setting  of  the  system 
clock.  The  tool  generates  reports  that  help 
users  identify  consolidation  opportunities 
without  resorting  to  extended  whiteboard 
sessions  or  trial  and  error.  “What  I  really 
like  is  the  way  they  can  set  you  up  for  con¬ 
solidation,”  says  Andi  Mann,  senior  analyst 
at  IT  consultancy  Enterprise  Management 
Associates.  “The  Cirba  stuff  gives  you  some 


Kill  the  Beige 
Ones  First 

A  simple,  practical  scheme  for 
hardware  consolidation 

Neal  Tisdale.  VP  of  software  development  at 
NewEnergy  Associates,  an  energy  market 
services  provider  owned  by  Siemens,  didn't 
require  a  lot  of  analysis  to  determine  which 
of  his  machines  needed  consolidation.  He 
found  many  of  his  best  candidates  by  their 
color:  beige.  “We  looked  at  our  oldest,  beige, 
putty-colored,  1990s  highest-wattage,  low- 
est-performance  servers  and  started  virtual¬ 
izing  those,"  Tisdale  says. 

And  while  he's  aware  that  a  wide  variety  of 
tools  exist  for  measuring  nearly  every  aspect 
of  data  center  performance,  he  says  that  just 
by  getting  rid  of  the  old  boxes  (23  servers 
consolidated  to  a  pair  of  Sun  4100s  running 
VMware  virtualization  software)  he  avoided 
an  expensive  upgrade  to  the  cooling  and 
power  systems  in  his  data  center.  That  in  turn 
helped  him  to  postpone  buying  extra  tools. 

About  the  only  consolidation  tool  Tisdale 
will  recommend  is  a  physical-to-virtual  con¬ 
version  tool  called  PowerConvert  from 
startup  PlateSpin,  which  helped  him  com¬ 
pletely  clone  some  older  boxes  right  down  to 
the  MAC  addresses  on  their  network  cards, 
thereby  saving  him  from  having  to  recreate 
from  scratch  ancient  hardware  configura¬ 
tions  in  a  virtual  space.  PowerConvert  is  “a 
good  time-  and  risk-saver,”  Tisdale  says. 

-C.L. 

easy-to-use  graphics  and  metrics  on  utiliza¬ 
tion  and  compatibility.  You  could  probably 
achieve  some  of  this  with  some  of  the  high- 
level  management-type  tools  from  IBM  and 
BMC,  but  Cirba  provides  sort  of  a  one-stop 
shop  for  this  specific  functionality.” 

Consolidation-specific  tools  aren’t  a  neces¬ 
sity,  however,  particularly  for  smaller  com¬ 
panies,  says  Michael  Minichino,  director  of 
infrastructure  at  marketing  services  provider 
Parago.  Heading  into  2006,  Minichino  had 
several  new  IT  initiatives  slated  that  would 


Estimates  showed  that  if  Bell  Mobility 
could  consolidate  its  server  pool 
by  25%,  it  would  save  $1.5  million 
in  hardware  replacement  expenses 
over  the  next  two  years. 


3  2 


JUNE  15,  2006  |  www.cio.com 


'Kv'.iVW 


( M' '/ 


ffi/j  s  '.  'iiVyj.’', 


EMC2 

where  information  lives* 


W*  iV:  *1m 


m  m 


I 

! 

1 

PlvfKiKm 

li/'T 


fmii 


/8  C  .  4r‘  f ^ 
*  &*.  *  '■  *  ■»  *  .  f  ,  f 


tWXim 


v;s. 


-S'  v  V ■'.  .'..Vw 


•:.*Y. 


■ 


A#L 

'I 


•:  ■<':  '..  .  .  -  :■'•  V  '■  '  % 

■  ■  -  -  Ml 

•.v.5  't  s  *  1-  wfm 


vi  %  n;.M,  mwm 


V.r,*// 


i ■  i  4  |L )  m 

it'  •-*  ?■? 

Wllllii  #1 

f  i  M 

•V. 

~  ^  *  jff-*  1  )■ 

*V-  ,|S  I® 

,f  A  S  3?ijs*i 

*i?v  •*•!»&  >:  V: 


When  information 


comes  together, 
your  software  puts 
you  at  the  top 
of  the  food  chain. 


$,■ 


*%£r  ***&$£ 


f  ?§W 


\ 

;  :■■&  :fl 


:  *1. 1 


rvti 


tstirwva'KmS&i* 


Information  lives  at  companies  that  run  EMC®  software.  As  one  of  the  world’s  largest  software  providers,  we  help  companies  of  all 


sizes  store,  manage,  protect,  and  share  information.  We  can  do  the  same  for  you— across  applications,  across  platforms,  across  oceans. 
To  learn  more  about  how  the  full  range  of  EMC  software  can  help  you  and  your  company  move  up  in  the  world,  visit  software.EMC.com. 


mb 


EMC.  EMC,  and  where  information  lives  are  registered  trademarks  of  EMC  Corporation.  ®  Copyright  2006  EMC  Corporation.  All  rights  reserved. 


essential  technology 


require  either  more  space  at  his  colocation 
facility  or  better  use  of  the  existing  racks. 
Minichino  was  intrigued  by  the  power-per- 
rack-space  claims  of  new  Sun  hardware— 
the  T2000  series  of  servers— and  decided 
to  try  the  latter  route. 

But  he  didn’t  bother  looking  for  a  tool  to 
help  him  figure  his  savings;  he  went  straight 
to  spreadsheets.  “We’ve  purchased  an  asset 
management  tool  mainly  for  tracking  work¬ 
stations,”  Minichino  says.  “[But]  I  haven’t 
really  seen  anything  that  would  give  me 
more  of  a  return  than  spreadsheets.”  His 
calculations  led  him  to  cut  10  servers  from 
his  colocation  facility. 

For  anyone  looking  to  jump  into  the  con¬ 
solidation  toolset  on  the  cheap,  Sun  offers 
a  free,  downloadable  Sim  Datacenter  Java 
application  ( www.sun.com/servers/cool 
threads/simdatacenter )  that  can  calculate  the 
power,  heat  and  space  requirements  of  your 
current  data  center  versus  one  with  differ¬ 
ent  hardware.  (Sun  supplies  templates  for 
its  own  and  some  competing  systems,  but 
you  can  also  configure  your  own.) 

Larger  companies,  however,  may  well 
see  consolidation  tools  as  a  means  of  saving 


With  the  nLayers  tool,  O’Neill  is  able  to 
“let  the  machine  do  the  inventory,”  and  he 
can  dedicate  his  engineers  to  more  impor¬ 
tant  tasks.  NLayers  also  claims  that  its  prod¬ 
ucts  can  map  the  connections  between 
systems  and  identify  underutilized  servers. 

If  all  these  tools  sound  to  you  like  fea¬ 
tures  that  should  be  part  of  larger-scale 
asset  management,  configuration  manage¬ 
ment  or  business  service  management 
tools,  BMC  Software,  IBM  and  other  large 
vendors  want  to  meet  you. 

BMC  says  it  already  has  a  suite  of  tools 
capable  of  initial  device  discovery,  per¬ 
formance  monitoring  and  analysis, 
configuration  management  and  ongo¬ 
ing  optimization.  What  BMC’s  suite  lacks, 
according  to  Dave  Wagner,  solutions  man¬ 
agement  director  for  capacity  management 
and  provisioning  at  BMC,  is  an  easy  inter¬ 
face  to  tie  all  those  operations  together.  But, 
he  says,  customers  can  expect  to  see  the 
bigger  vendors  expand  and  improve  their 
product  lines,  while  the  smaller  vendors 
will  consolidate  or  cooperate  in  order  to 
provide  the  more  wide-ranging  manage¬ 
ment  solution  large  corporations  will  need. 


Getting  in  touch  with  server  owners 
before  you  absorb  their  beloved 
boxes  and  applications  into  your  data 
center  will  help  smooth  the  path  to 
consolidation. 


time  and  effort.  As  part  of  an  application 
consolidation  and  tracking  effort,  David 
O’Neill,  executive  director  of  IT  at  Boise 
State  University,  started  using  a  service  dis¬ 
covery  tool  from  startup  software  vendor 
nLayers.  Previously,  identifying  assets  and 
connections  between  systems  for  audit  or 
troubleshooting  purposes  meant  making 
heavy  demands  on  your  systems  engineers’ 
energy.  “You  put  your  engineering  staff  at 
the  whiteboard,  give  them  a  couple  cans  of 
pop,  and  they  spend  the  rest  of  the  day 
drawing  pictures,”  O’Neill  says. 


Who’s  Being  Served? 

No  matter  how  insightful  they  may  become 
about  the  technical  configuration  of  your  infra¬ 
structure,  these  tools  will  never  be  able  to  map 
your  consolidation  efforts  to  the  political  and 
contractual  landscape  of  your  corporation. 


Keep  Up  Online 


Technology  Editor  Christopher  Lindquist 
scours  the  best  of  what’s  on  the  Web  when 
it  comes  to  emerging  technology.  Read  his 
blog,  TECH  LINKLETTER,  at  blogs.cio.com. 

cio.com 


78%  of 

respondents 
reported 
that  server 
virtualization  is 
either  valuable 
or  critical  to 
achieving 
business 
objectives. 

SOURCE;  ThelnfoPro 


A  word  to  the  wise:  Get  in  touch  with 
the  server  owners  well  before  you  intend  to 
absorb  their  beloved  boxes  and  applica¬ 
tions  into  your  data  center.  This  will  help 
smooth  your  path  as  well  as  help  you  iden¬ 
tify  relatively  early  on  in  the  process  if  there 
are  good  reasons  (compliance,  security  or 
otherwise)  for  keeping  some  seemingly 
underutilized  hardware  right  where  it  is. 

It’s  also  worth  noting  that  internal  poli¬ 
tics  might  be  the  least  of  your  hurdles. 
“Quite  often,  [the  difficulties  lie  in]  vendor 
relations,”  says  Bell  Mobility’s  Tremblay. 
He  notes  that  in  one  case  Bell  Mobility  dis¬ 
covered  a  system  consisting  of  19  servers 
installed  for  one  application  by  a  certain 
vendor  that  Tremblay’s  team  found  could 
be  consolidated  to  nine.  Such  inefficient 
installations  are  going  to  be  a  thing  of  the 
past,  Tremblay  says.  “We  now  say  ‘no 
more,’”  he  insists,  noting  that  Bell  has  cre¬ 
ated  a  policy  of  examining  vendor  archi¬ 
tecture  plans  for  efficiency  before  it  agrees 
to  an  implementation.  “[Vendors]  have  to 
start  thinking  of  redesigning  what  they  are 
selling”  to  make  systems  more  efficient, 
Tremblay  says. 

If  every  IT  organization  does  the  same, 
your  next  consolidation  effort  could  be  your 
last.  Htq 


Technology  Editor  Christopher  Lindquist  can  be 
reached  at  clindquist@cio.com. 


34 


JUNE  15,  2006  |  www.cio.com 


NEED  A  GOOD  REASON  TO  USE  A  3M  PRIVACY  FILTER? 


THE  PERSON  NEXT  TO  YOU  IS  READING  THIS  RIGHT  NOW 


You  get  your  work  done.  The  wandering  eyes  beside  you  see  only  a  dark  screen.  Reassuring  3M™  Privacy  Filters.  Made  of  slim,  protective,  rigid-yet-flexible  polymer. 
Easy  to  attach  and  remove.  Available  for  laptops  in  many  sizes.  Uncanny  3M  microlouver  technology  blocks  out  side  views  while  you  see  your  screen  clearly  as  ever. 
You  have  to  not  see  it  to  believe  it.  Available  only  at  online  retailers.  1 -888-PRIVACY  3MPrivacyFilter.com 


3M 

Privacy  Filters 


'  S  3M  2005.  3M,  Vikuiti  and  the  Vikuiti  "Eye"  symbol  are  trademarks  of  3M. 


Now  you  see  it.  Now  they  don’t. 


By  Paul  Ingevaldson  total  leadership 


Getting  in  Sync 

Your  reputation  for  performance  depends  on  your  ability  to  align  with  end  users 


I  started  my  career  in  IT  in  1965,  when  I  worked  as  assis¬ 
tant  to  the  production  manager  for  a  company  called 
Data  Processing  Consultants.  I  retired  in  December 
2004  as  the  CIO  and  senior  vice  president,  interna¬ 
tional  and  technology,  with  Ace  Hardware.  During  those  40 
years,  I’ve  witnessed  the  seminal  events  of  the  information  age, 
from  the  introduction  of  the  IBM  360  computer  (the  first  fam¬ 
ily  of  mainframes  with  compatible  operating  systems)  to  the 
emergence  of  the  Internet  and  wireless  technology. 

We  all  know  how  IT  has  revolutionized  business.  In  a 
speech  last  year,  Alan  Greenspan  credited  IT  in  part  for  the 
resilience  of  the  U.S.  economy  in  the  face  of  “stock  market 
crashes,  credit  crunches,  terrorism  and  hurricanes— blows 
that  would  have  almost  certainly  precipitated  deep  reces¬ 
sions  in  decades  past.” 

Given  IT’s  impact,  it  would  be  natural  to  conclude  that  IT 
departments  and  the  CIOs  who  run  them  are  heroes.  You 
would  be  wrong.  Despite  the  dramatic  and  revolutionary 
changes  implemented  by  IT,  the  IT  department  is  still  treated 
like  a  necessary  evil  in  many  companies. 

We  still  have  the  reputation  of  taking  too  long,  not  deliv¬ 
ering  exactly  what  is  needed  and  not  being  sensitive  to  the 
needs  of  the  corporation.  CIOs’  job  tenure  is  still  relatively 
short,  averaging  just  under  five  years.  Nicholas  Carr  has  con¬ 
vinced  many  non-IT  executives  that  IT  doesn’t  matter.  Lack¬ 
ing  a  fundamental  understanding  of  the  value  of  IT, 
companies  outsource  some  or  all  of  the  IT  department.  Many 
CFOs  still  look  at  IT  as  a  cost  rather  than  an  investment.  I’ve 
even  heard  comments  by  IT  professionals  suggesting  that 
this  is  not  a  good  career  for  their  kids  to  pursue. 


3  6 


JUNE  15,  2006  |  www.cio.com 


ILLUSTRATION  BY  JUD  GUITTEAU 


_DAY  11:  This  storage  sprawl  is  mind  boggling.  All 
this  data  is  suffocating.  The  boxes  are  everywhere. 
And  what  they  lack  in  scalability  and  access,  they 


make  up  for  in  cost  and  sheer  numbers,  i’ ve  gone  into 
hidina  under  mv  desk.  I  don’ t  know  what  else  to  do. 


UuWWWUWU | 


By  Paul  Ingevaldson 


TOTAL  LEADERSHIP 


Painful  as  it  is  to  admit,  this  is  our  fault,  because  we  fail  to 
exercise  leadership  among  our  senior  executive  peers.  We 
don’t  demand  a  strict  adherence  to  the  basic  rules  of  project 
management,  we’re  too  willing  to  accept  the  blame,  we’re  not 
always  sensitive  to  the  needs  of  the  business  and  we  fail  to 
communicate  our  achievements. 

Stop  Taking  the  Blame 

IT  departments  are  staffed  by  people  who  thrive  on  getting  sys¬ 
tems  to  run.  To  many  of  them,  time  and  budget  is  less  important 
than  getting  it  right.  But  business  executives  expect  perform¬ 
ance.  When  CIOs  aren’t  skilled  at  setting  expectations  or  are  not 
at  the  table  when  decisions  are  made,  oftentimes  IT  bears  the 
blame  if  something  goes  wrong  with  the  technology. 

It’s  up  to  CIOs  to  change  this  mind-set  by  making  sure  busi¬ 
ness  users  and  IT  collaborate  on  systems  development.  CIOs 


should  not  allow  development  to  go  forward  without  clear  spec¬ 
ifications  from  users  (who  tend  to  hope  that  IT  can  figure  out 
what  they  want).  CIOs  must  also  insist  that  when  users  make 
major  changes  during  development,  these  are  documented  and 
that  user  management  signs  off  on  new  costs  and  time  lines. 

Several  years  ago  Ace  implemented  an  incentive  program  for 
developers  that  paid  off  only  if  they  achieved  the  agreed-upon 
budget  and  time  line  for  a  project.  Immediately,  they  took  their 
collaboration  with  user  departments  more  seriously.  Both 
users  and  developers  realized  that  there  was  a  strong  incentive 
to  maintain  the  original  schedule  and  put  requests  for  addi¬ 
tional  functionality  into  future  phases  of  a  project. 

IT  also  documented  any  modifications  in  monthly  project 
reports,  which  we  provided  to  everyone  in  the  company.  As  a 
result,  no  one  could  say  that  they  were  not  informed  of  and 
involved  with  project  changes.  This  took  pressure  off  of  IT 
and  assigned  business  users  some  of  the  responsibility  for 
cost  increases  and  delays. 

Use  Business  Smarts 

CIOs  should  speak  like  businesspeople.  We  should  talk  about 
trade-offs,  backup  plans  and  business  strategy.  We  mustn’t 
think  that  the  toughest  problems  reside  in  the  IT  department. 
We  must  understand  the  cost  structure  of  user  departments 
and  the  pressures  that  users  are  under  to  achieve  their  goals. 

IT  must  serve  all  of  its  masters  in  a  company,  not  just  the 
most  powerful  ones  or  the  ones  who  shout  the  loudest.  We  must 
be  aligned  with  corporate  business  needs,  not  with  IT’s  needs. 
CIOs  must  play  an  active  role  here  by  making  senior  manage¬ 


ment  aware  of  new  technologies  and  how  those  advancements 
can  save  the  company  money  or  increase  productivity. 

I  learned  this  lesson  back  in  the  early  1980s,  when  Ace  was 
using  a  very  costly  cut-and-paste  process  for  producing  our 
dealer  catalog.  We  investigated  what  were  then  new  laser  print¬ 
ing  technologies  that  could  print  both  text  and  pictures.  The 
system  saved  the  company  millions  of  dollars  a  year. 

Demonstrate  Results 

It’s  hard  to  get  recognition  for  your  contributions  when  no 
one  knows  what  they  are.  The  post-implementation  audit  is  one 
way  to  identify  whether  a  system  has  achieved  its  promised 
results,  but  these  reviews  are  seldom  done  in  any  formal  way. 
As  a  result,  advantages  of  the  system  become  embedded  in 
the  cost  structure  of  the  user  department  and  IT  is  never  iden¬ 
tified  as  the  source  of  the  improvements.  Most  IT  departments 

don’t  care  about  this  because  they  are 
on  to  the  next  project.  Meanwhile,  the 
user  department  is  more  than  happy 
to  take  full  credit  for  the  benefits. 

I  found  it  difficult  to  get  my  com¬ 
pany  to  conduct  post-implementation 
audits.  A  major  reason  is  that  these 
can’t  be  done  just  by  IT.  They  depend  on  a  collaboration  between 
IT  and  the  user  department;  the  cost  savings  can  be  identified 
only  by  the  users.  The  best  way  to  achieve  this  is  to  make  post¬ 
implementation  audits  a  best  practice  within  your  company 
(and  ensure  that  top  management  requires  them).  Making  post¬ 
implementation  reviews  a  function  of  a  third-party  organization 
such  as  internal  audit  helps  to  encourage  all  parties  to  partici¬ 
pate. 

When  I  have  been  able  to  do  it,  it  has  achieved  the  desired 
effect  of  proving  the  business  case.  For  example,  when  Ace 
implemented  a  data  warehousing  system,  our  CEO  demanded 
that  the  user  departments  quantify  the  long-term  benefits  before 
he  approved  the  project.  Once  the  system  was  implemented,  he 
required  the  major  users  to  report  quarterly  to  the  executive  offi¬ 
cers  what  benefits  they  were  realizing  from  the  system.  By  hold¬ 
ing  users  accountable  for  the  results,  this  approach  ensures 
that  future  cost/benefit  analyses  will  be  more  accurate. 

If  we  can  get  users  to  understand  that  they  must  engage  in  pre¬ 
system  development  and  post-implementation  audits,  we  will 
ensure  a  higher  degree  of  successful  system  delivery  and  account¬ 
ability  for  results.  Only  when  our  colleagues  know  what  to 
expect  from  us,  when  they  understand  what  we  do,  and  when 
they  trust  we  understand  their  needs,  will  we  begin  to  change 
many  of  the  stereotypes  that  have  followed  us 
from  the  early  days  of  computing.  QEl 


Paul  Ingevaldson  was  CIO  of  Ace  Hardware  until 
his  retirement  in  2004.  You  can  e-mail  feedback  to 
leadership@cio.com. 


Developers  took  collaboration  with  user 
departments  more  seriously  when  we 
implemented  incentives  for  achieving 
agreed  upon  budgets  and  time  lines. 


3  8 


JUNE  15,  2006  |  www.cio.com 


PHOTO  BY  JEFF  SCI0RTIN0 


Take  back  control  ™  with  IBM  System  Storage ™ 


Control  means  manageability.  IBM  System  Storage  can  consolidate 
your  diverse  environments  into  a  single  footprint,  while  maintaining  the 
necessary  separation  of  those  environments. 


Control  means  simplicity.  Access  systems  management  information 
from  a  common  interface  that  lets  you  manage  your  storage  platforms,  even 
non-IBM  platforms. 


Control  means  flexibility.  IBM  System  Storage  doesn't  lock  you  into 
bigger  up-front  systems.  A  range  of  products  gives  you  cost-effective 
scalability  so  you  can  pay  as  you  grow. 

Control  means  less  is  more.  IBM  Systems  offer  a  broad  portfolio  of 

infrastructure,  not  to 


IBM.COM/TAKEBACKCONTROL/STORAGE 


Storage  products  may  require  purchase  of  more  than  one  product  to  implement  these  capabilities  and  may  not  be  available  on  pictured  product  IBM,  the  IBM  logo,  System  Storage,  and  Take 
Back  Control  are  trademarks  or  registered  trademarks  of  International  Business  Machines  Corporation  in  the  United  States  and/or  other  countries.  Other  company,  product,  and  service  names 
may  be  trademarks  or  service  marks  of  others.  ©2006  IBM  Corporation.  All  rights  reserved. 


IT'S  ALL  ABOUT  THE  EXECUTION 


Michael  Schrage 


Gifts  that  Keep  on  Giving 

As  top  investment  banks  have  discovered,  giving  away  software  tools  to  key 
customers  and  suppliers  can  save  both  of  you  lots  of  time  and  money 


Frustrated  by  schedule  slips  and  confused  ques¬ 
tions,  a  developer  at  one  of  the  world’s  largest  tele¬ 
com  companies  did  something  he  really  wasn’t 
supposed  to  do:  He  gave  away  his  code  to  a  key  cir¬ 
cuit  chip  supplier.  His  motivation  wasn’t  generosity;  it  was 
self-interest.  His  company’s  supplier  consistently  had  to  run 
through  two  or  three  complex  iterations  to  meet  the  soft¬ 
ware’s  evolving  specifications.  That  prompted  persistent 
delays  in  release  dates,  sometimes  by  weeks,  and  threatened 
other  software  development  and  manufacturing  schedules.  To 
accelerate  the  process,  the  developer  had  written  a  little  per¬ 
sonal  tool  that  tested  critical  functionality  of  the  supplier’s 
embedded  software.  It  worked. 

In  a  blinding  epiphany  of  the  obvious,  the  developer  real¬ 
ized  everyone  would  benefit  if  he  just  gave  away  the  code.  So 
he  spent  20  minutes  writing  documentation  and  another  few 
minutes  slapping  on  an  interface  he  thought  the  supplier 
would  find  easy  to  use.  It  did.  His  under-a-hundred-lines 
software  giveaway  probably  saved  both  companies  well  over 
$500,000  in  time  and  testing.  Not  only  did  the  supplier’s 
development  team  gobble  up  his  code,  they  came  back  with 
ideas  to  make  their  module  better.  That  previously  personal 
tool  had  given  the  developer’s  company  keener  insight  into  its 
customer’s  software  design  sensibility.  It  produced  better 
software  faster  based  on  that  simple  freeware  “gift.” 

That’s  the  kind  of  gift  that  more  CIOs  should  insist  their  IT 
organizations  give.  After  all,  they  have  an  untapped  and  under¬ 
utilized  asset  that  has  strategic  implications  for  customer  and 
supplier  relationships.  The  odds  are  excellent  that  their  IT 
organizations  are  filled  with  portfolios  of  personal  tools  that, 


4  0 


JUNE  15,  2006  |  www.cio.com 


ILLUSTRATION  BY  DARCY  MUENCHRATH 


Treat  secure  storage  as  a  priority. 

(And  you  won't  have  to  treat  lost  data  as  a  tragedy.) 


EMC  Windows®  File 
System  Archiving  with  Centera 


EMC  CLARiiON®  CX700  Array 


Archiving  made  simple,  affordable  and  secure 
Combines  a  policy-based  file  management 
system  with  an  EMC  Centera  active  archive 
Leverages  EMC's  EmaiIXtender  for  Windows® 
software,  as  well  as  its  world-leading 
disk-based  archiving  platform 
Comes  with  2.2TB  of  usable  capacity  and  fits 
into  industry-standard  racks 


Based  on  a  proven  seventh-generation  architecture, 
the  CX700  offers  the  mid-tier's  most  scalable  and 
reliable  system  for  storage  consolidation 
Scales  up  to  76TB  with  a  modular  pay-as-you-grow 
approach 

With  Fibre  Channel  SAN  support  for  up  to  256 
dual-connected  hosts,  it  scales  to  meet  your  most 
challenging  requirements 


EMC 


EMC 


where  information  lives 


where  information  lives 


EMC  VisualSRM™ 

•  Data  center-class  software  specially  architected  to 
provide  centralized  storage  resource  management 
for  mid-tier  storage  environments 

•  It  supports  a  wide  range  of  storage  platforms, 
server  platforms  and  data  center  applications 


EMC  EmaiIXtender® 

•  Centralized  message  storage,  regulatory 
compliance  and  legal  discovery  support 

•  Enterprise-class  system  for  retaining  and 
managing  email  as  a  record  of  business 

•  Messages  are  captured  in  real  time,  fully 
indexed  and  migrated  from  the  message 
server  to  a  centralized  archive 


EMC 


EMC 


$3285.99  CDW  567033 


$965.99  CDW  866812 


The  Storage  Solutions  You  Need  When  You  Need  Them 

Today,  with  more  data  being  stored,  more  assets  are  at  stake.  And  there  is  a  big  difference 
between  storage  and  secure  storage.  CDW  has  storage  and  backup  specialists  that  will  work 
with  you  to  find  the  right  solution  for  your  setup.  Then,  we'll  draw  from  a  full  line  of  top-name 
storage  technology  so  you  can  increase  capacity  and  reduce  risk.  So  call  today  and  make  sure 
your  data  and  your  company  are  secure. 


The  Right  Technology.  Right  Away. 

CDW.com  •  800.399.4CDW 

In  Canada,  call  888.898. CDWC  •  CDW.ca 


Offer  subject  to  CDW's  standard  terms  and  conditions  of  sale,  available  at  CDW.com.  ©  2006  CDW  Corporation 


Michael  Schrage 


IT'S  ALL  ABOUT  THE  EXECUTION 


with  just  a  bit  of  thought  and  polish,  could  be  externalized  to  save 
time,  effort,  and  resources  for  key  customers  and  suppliers. 

Digital  designers,  developers,  programmers  and  testers 
create  these  kinds  of  informal  toolkits  all  the  time.  The  catch 
is  that  they’re  almost  always  too  personal;  they’re  built  for  the 
express  use  of  the  individual  and  no  one  else.  But,  unsur¬ 
prisingly,  the  potential  value  of  these  personal  innovations  can 
go  far  beyond  the  individual. 

Most  of  the  time,  people  have  no  interest  in  how  you  solve 
a  particular  IT  problem.  But  for  those  aspects  of  a  problem 

Giving  away  software  makes  it  easier  for  your  customers 
and  suppliers  to  take  a  chance  on  your  innovations  and 
change  management  initiatives. 


attractive.  They  make  it  easier  and  safer  for  your  customers 
and  suppliers  to  take  a  chance  on  your  innovations  and 
change-management  initiatives.  CIOs  should  treat  this  as  the 
enormous  opportunity  it  is. 

It’s  easy  to  imagine  a  store  chain  sharing  some  of  its  sup¬ 
ply  chain  and  inventory  management  tools  with  its  key  sup¬ 
pliers.  Similarly,  many  companies  reliant  on  CRM  might 
benefit  if  their  best  customers  could  serve  themselves  with  the 
help  of  the  informal  tools  they’re  already  using  to  customize 
the  system. 


(or  opportunity)  that  they  might  like  some  control  or  influ¬ 
ence  over,  they’re  very  interested  in  whatever  insights  and 
shortcuts  you  might  have  to  offer.  If  it’s  in  code  they’re  confi¬ 
dent  already  works,  so  much  the  better. 

These  tools  have  particular  credibility  and  authenticity 
because  your  people  are  already  using  them  to  make  their  lives 
easier.  All  it  takes  is  a  smidgen  of  ingenuity  and  investment  to 
turn  the  tools  into  platforms  that  make  the  business  lives  of 
your  customers  and  suppliers  easier.  Cost-effectively  leverag¬ 
ing  an  existing  investment  is  smart  business. 

Investment  Bank  Giveaways 

The  world’s  top  investment  banks  are  all  familiar  with  this 
idea.  Goldman  Sachs,  Credit  Lyonais  and  Merrill  Lynch  prof¬ 
itably  peddle  billions  of  dollars’  worth  of  synthetic  securities 
and  derivative  instruments  to  Fortune  1000  firms  and  hedge 
funds.  For  obvious  reasons,  many  prospective  customers  for 
these  “exotics”  don’t  hesitate  to  use  these  complex  instruments 


Add  a  Comment 


Has  the  open-source  era  changed  the  very 
concept  of  what’s  proprietary?  How  does 
giving  away  tools  you’ve  spent  time  and 
money  developing  sit  with  you?  Add  a  com¬ 
ment  to  the  online  version  of  this  article. 

Go  to  www.cio.com/061506. 

cio.com 

software  “wind  tunnel”  and  stress  testing  algorithms  that  they 
themselves  used  to  design  the  instruments  in  the  first  place. 
They  essentially  told  potential  clients:  Here,  you  can  use  the 
same  tools  we  use  to  design  and  test  our  products  to  test  them  for 
yourselves.  Go  ahead  and  play  until  you’re  comfortable.  If  any 
questions  or  problems  crop  up,  we’ll  be  happy  to  address  them. 

In  this  growing  era  of  open-source  software  tools  and  devel¬ 
opment,  the  economics  of  externalizing  the  tools  your  sys¬ 
tems  designers,  developers  and  testers  use  become  far  more 


for  risk  management  and 
speculation.  So  what  did 
the  banks  gradually  real¬ 
ize?  Listening  to  their  cus¬ 
tomers  and  trying  to  sell  to 
them  wasn’t  good  enough. 

They  began  to  give  away 
their  own  tools.  They  gave 
their  prospects  the  same 


While  this  approach  most  naturally  lends  itself  to  B2B  inter¬ 
actions,  little  creativity  is  required  to  come  up  with  scenarios 
where  consumers  can  benefit  from  tool-sharing.  For  example, 
if  Amazon  or  Apple  iTunes  programmers  shared  some  of  the 
tools  they  use  to  tweak  and  fine-tune  the  algorithms  of  their 
popular  recommendation  engines,  it’s  likely  that  many  cus¬ 
tomers  would  love  to  use  them  to  better  personalize  book  and 
song  selections. 

The  CIO  challenge  is  straightforward:  What  are  the  fastest, 
easiest  and  most  cost-effective  ways  to  learn  what  kinds  of 
informal  digital  toolsets  exist  within  the  enterprise? 

The  next  step  is  slightly  more  challenging  but  far  more  fun: 
What  are  the  10  or  IS  tools  that  you’re  productively  using 
inside  the  organization  that  might  really  have  a  big  impact  on 
a  customer,  client,  business  partner  or  supplier  if  you  gave 
them  away?  Needless  to  say,  this  question  creates  the  oppor¬ 
tunity  for  all  kinds  of  interesting  conversations  with  market¬ 
ing,  sales  and  procurement  personnel  within  the  company. 

The  third  step  is  the  trickiest:  What  kind  of  marginal  invest¬ 
ments  must  you  make  to  turn  these  informal  tools  into  user- 
friendly,  accessible  and  economically  valuable  tools  for  your 
target  market?  If  the  investment  is  more  than  marginal,  it  may 
ruin  the  economics  of  your  initiative.  And  if  the  tools  are  sim¬ 
ply  too  cumbersome  or  complex  to  be  used  by  a  desired  con¬ 
stituency,  they  won’t  work. 

But  if  you  are  a  CIO  who  cares  about  innovation  and  who 
wants  to  cultivate  a  reputation  for  turning  underutilized  assets 
into  new  business  value,  deciding  which  tools  to  give  away  mer¬ 
its  pride  of  place  on  your  priority  list.  To  be  sure,  this  requires  that 
you  broaden  and  deepen  your  understanding  of  both  your  cus¬ 
tomer  and  your  own  organization.  But  really, 
shouldn’t  you  be  doing  that  anyway?  BE] 


Michael  Schrage  is  codirector  of  the  MIT  Media 
Lab’s  eMarkets  Initiative.  He  can  be  reached  at 
schrage@media.mit.edu. 


42 


JUNE  15,  2006  |  www.cio.com 


PHOTO  BY  JOHN  SOARES 


Leaders  Wanted/CIO  Challenge  Series 


Challenge  #1: 

Teach  everyone  how  to  innovate  with  IT. 

Solution: 

Hyperion — your  management  system 
for  the  global  enterprise. 

Technology  drives  innovation.  That  makes  you  Chief  Innovation  Officer. 
So,  how  do  you  transform  innovation  from  a  buzzword  into  a  sustainable 
part  of  your  business?  Visionary  CIOs  are  leading  the  way  with  Hyperion 
performance  management  solutions.  With  Hyperion,  you  break  down  the 
barriers  between  finance,  operations,  and  IT  and  align  them  around  a 
master  data  set.  You  give  everyone  the  tools  they  need  to  continuously 
analyze  and  manage  business  performance — and  invent  new  ways  to 
improve  it.  Isn’t  that  what  real  innovation  is  all  about? 


FREE  ARTICLE  FROM  HARVARD  BUSINESS  REVIEW 
How  do  other  IT  leaders  drive  innovation? 

Discover  new  insights  and  best  practices  from 
the  Harvard  Business  Review  and  Hyperion. 

Go  te  www.hyperion.com/go/leaders 


#  Hyperion 

The  future  in  sight 


©2006  Hyperion  Solutions  Corporation.  All  rights  reserved.  “Hyperion,"  the  Hyperion  logo  and  Hyperion’s  product  names  are  trademarks  of  Hyperion.  References  to  other  companies  and  their  products 
use  trademarks  owned  by  the  respective  companies  and  are  for  reference  purpose  only. 


[-rtr.-'  m'  -i  r 


Ctri 

l _ 

Peer  to  Peer 


FIELD-TESTED  IDEAS  FROM  CIOs  FOR  CIOs 


Red  Light,  Green  Light 

How  one  CIO  used  project  management  discipline  and  the  Traffic  Light  Report 
to  align  her  IT  department  with  her  company’s  business  goals 

BY  CATHERINE  ACZEL  BOIVIE 


When  I  joined  Pacific  Blue  Cross  in  2003  as  VP 
of  IT,  the  CEO  and  I  agreed  on  two  founda¬ 
tional  principles:  1.  Technology  has  no  value 
by  itself,  and  2.  Technology  management  must 
switch  its  focus  from  operational  to  business  enabler.  These 
principles  may  seem  self-evident,  but  the  truth  is,  when  there’s 
a  flurry  of  projects,  all  of  them  important  to  some  aspect  of  the 
business,  technology  management  can  all  too  easily  get  swept 
away  in  putting  out  fires.  This  seemed  to  be  what  was  hap¬ 
pening  at  Pacific  Blue  Cross  when  I  arrived.  With  nearly  2  mil¬ 
lion  members  covered,  Pacific  Blue  Cross  is  the  market  leader 
in  providing  health-care  and  dental  coverage  to  residents  of 
British  Columbia.  Our  subsidiary,  Blue  Cross  Life,  also  offers 
life  insurance  and  disability  income  protection. 

While  I  understood  my  mission— turning  the  IT  depart¬ 
ment  into  an  enabler  of  business— the  journey  has  been  far 
from  straightforward.  It’s  been  a  long  road  with  many  bends 
and  even  a  few  dead-ends.  Even  so,  there’s  no  doubt  we’re 
making  progress.  How  did  we  do  it? 

Project  Management  to  the  Rescue 

First  and  foremost,  we  began  to  align  every  project  to  Pacific 
Blue  Cross’s  Balanced  Scorecard.  The  Scorecard  shows  and 
measures  the  organization’s  performance  from  six  perspectives: 
qualitative,  quantitative,  infrastructure,  clients,  people  and  com¬ 
munity-related  goals.  Every  project  is  now  justified  in  terms  of 
how  it  supports  the  goals  described  in  the  Scorecard.  That  keeps 
the  company’s  goals  clearly  in  sight  for  all  and  shows  how  tech¬ 
nology  relates  to  and  enables  the  business. 

After  assembling  a  list  of  all  the  projects  we  were  working 


4 


JUNE  15,  2006  |  www.cio.com 


ILLUSTRATION  BY  MICHELLE  THOMPSON 


Strengthen  the 
management  and 
compliance  of  your 
network  security. 


Secure  your 
online  transactions 
with  the  Web’s  most 
trusted  brand. 


.  Eliminate  spam  and 
1  malicious  threats  while 
^.'efficiently  managing 
Pi&  and  archiving  your 
company’s  email.  fi;< 


Prote 


VeriSign  intelligent  infrastructure  at  work 


Today  and  every  day,  VeriSign  intelligent  infrastructure  services  enable  and  protect  all  kinds  of  network 


interactions  in  today’s  complex  digital  world.  VeriSign  offers  a  host  of  mission-critical  security  services  to 


mitigate  reputational,  operational,  and  compliance  risks  in  the  simplest,  most  cost-effective  way  possible. 


VeriSign."  Where  it  all  comes  together.™ 


www.verisign.com/intelligence 

Download  the  free  white  paper  on  intelligent  infrastructure  services. 


©2006  VeriSign,  Inc.  All  rights  reserved.  VeriSign,  the  VeriSign  logo,  "Where  it  all  comes  together,”  and  other  trademarks,  service  marks,  and 
designs  are  registered  or  unregistered  trademarks  of  VeriSign  and  its  subsidiaries  in  the  United  States  and  in  foreign  countries. 


Peer  to  Peer  FIELD-TESTED  IDEAS  FROM  CIOs  FOR  CIOs 


on,  I  introduced  the  project  management  office  (PMO)  function. 
This  office  oversees  all  projects  of  more  than  one  month’s 
effort— from  the  business  case  to  a  post-implementation  review. 
We  fashioned  this  as  a  corporatewide  PMO,  because  all  proj¬ 
ects  require  disciplined  management  and  almost  all  projects  at 
Pacific  Blue  Cross  have  a  technology  component. 

The  business  welcomed  the  PMO,  since  it  gave  it  an  overall 
view  of  all  projects  (in  the  planning,  execution  or  close-out 
stages)  as  well  as  monthly  updates  on  their  status. 

To  ensure  the  success  of  this  new  process,  the  PMO  (a  manager, 
three  project  managers  and  two  to  five  contract  project  managers, 
depending  on  the  project  mix)  conducted  three  half-day  work¬ 
shops  for  personnel  who  would  be  managing  or  sponsoring  proj¬ 
ects.  These  sessions  helped  to  obtain  buy-in.  But  as  theory  is 
nothing  without  practice,  the  workshops  were  followed  by  indi¬ 
vidual  coaching  sessions  for  the  project  managers.  Finally,  we 
put  all  the  project  management-related  processes  online  so  that 
everyone  has  a  shared  knowledge  base. 

The  PMO  regularly  reports  project  status  to  IT  management, 
the  executive  committee  and  the  board  of  directors  through 
the  aptly  named  Traffic  Light  Report.  This  report  lists  each 
project  along  with  a  short  description,  its  schedule,  the  stage  it 
is  at  and  a  status  comment.  Next  to  the  project  is  a  red,  yellow 
or  green  symbol  that  quickly  identifies  whether  the  project  is  on 
time,  on  budget  and  on  scope.  The  report  is  also  posted  on  our 
intranet  so  that  all  employees  can  follow  a  particular  project’s 
progress.  The  Traffic  Light  Report  has  become  a  critical  tool  for 
demonstrating  technology’s  value  to  the  business. 

Gate  1,  Gate  2,  Gate  3... 

In  my  second  year  at  PBC,  I  introduced  IT  governance— in  the 
form  of  a  gating  process.  Why  wait  until  the  second  year? 
Because  past  experience  has  taught  me  that  too  much  change, 
introduced  too  quickly,  does  more  harm  than  good.  Circuit 
overload  may  cause  pushback! 

Now,  before  a  project  can  even  get  to  the  doorstep  of  the 
approval  process,  it  has  to  be  sponsored  by  a  vice  president. 
Only  then  is  it  ready  for  gate  1— or  what  we  call  the  “thumbs 
up/down”  gate.  Here,  the  executive  sponsor  presents  the  idea 
to  the  executive  committee,  and  the  members  give  it  a  thumbs 
up  or  thumbs  down.  If  the  project  is  approved,  the  proposal 
continues  to  the  next  level  (gate  2). 

For  gate  2,  the  sponsor  presents  a  detailed  cost-benefit  analy¬ 
sis,  because  no  matter  how  wonderful  the  idea,  if  the  cost  is  too 
high  for  the  projected  benefits,  that’s  it.  If  it  passes  gate  2  and 
is  more  than  $500,000,  a  gate  3  or  detailed  business  case  is  pre¬ 
pared.  Gate  4  is  only  for  projects  that  have  to  be  reviewed  at  the 
executive  level  because  they  cost  more  than  $1  million  or  are 
very  complex.  Gate  5  is  the  post-implementation  review. 

Last  year,  for  example,  our  senior  VP  of  client  development 
presented  a  gate  1  concept  of  adding  dental  and  extended  health 
usage  information  to  our  member  portal.  The  executive  com- 


Past  experience  has  taught 
me  that  too  much  change, 
introduced  too  quickly, 
does  more  harm  than  good. 


mittee  gave  his  idea  the  “thumbs  up.”  The  PMO  then  helped 
him  to  develop  a  gate  2  high-level  business  case,  which  was  also 
approved.  As  a  result,  our  members  can  now  obtain  informa¬ 
tion  online  about  their  coverage  usage,  thus  reducing  the  num¬ 
ber  of  calls  to  our  call  center. 

Through  our  “gating  governance,”  everyone  can  see  how 
projects  are  prioritized  and  approved.  We’re  able  to  plan  and 
measure  benefits  of  projects  and  assess  how  they  enable  our 
business  initiatives. 

Even  though  projects  of  more  than  a  month’s  effort  are  now 
overseen  by  the  PMO,  projects  of  smaller  effort  also  need  to  be 
kept  aligned  with  business  needs.  To  do  that,  we  established  the 
change  review  board.  Headed  by  a  manager  from  the  busi¬ 
ness  area,  this  board  reviews  all  change  requests,  assigning  pri¬ 
orities  based  on  how  the  change  will  enable  the  business.  Three 
years  ago,  IT  was  swamped  with  more  than  700  change 
requests  and  there  was  not  much  hope  we’d  get  to  all  of  them. 
So  we  asked  all  owners  of  change  requests  to  resubmit  any 
requests  that  were  over  a  year  old.  With  the  change  review 
board  prioritizing  the  requests,  we’re  now  able  to  see  which  are 
the  most  pressing,  which  ones  overlap  and  which  will  be  super¬ 
seded  by  some  that  are  more  encompassing. 

In  three  years  we’ve  come  a  long  way,  and  these  new  initia¬ 
tives  would  not  have  succeeded  without  the  active  involve¬ 
ment  of  senior  management  and  the  IT  team’s  hard  work.  But 
we  still  face  a  number  of  challenges. 

For  instance,  we  still  need  to  do  a  better  job  of  conducting  reg¬ 
ular  postmortems  of  larger  projects  to  gather  lessons  learned. 
And  even  when  we  do  gather  lessons  learned  on  an  ad  hoc 
basis,  we  still  aren’t  disseminating  them  to  the  appropriate  per¬ 
sonnel  so  they  can  learn  from  previous  experiences.  Some  of  the 
new  technology  we  are  implementing— portals,  document  man¬ 
agement  and  knowledge  management— should  help  with  this. 

The  road  to  Rome  wasn’t  built  in  a  day.  But  there’s  one  thing 
we’re  confident  of:  The  framework  we’ve  put  in  place  not  only 
ensures  that  IT  is  already  more  focused  on  business,  but  that 
focus  is  advancing  our  business  goals.  In  short,  IT  is  enabling 
all  the  employees  of  Pacific  Blue  Cross  to  serve  our  members 
better.  BE] 


Dr.  Catherine  Aczel  Boivie  is  the  senior  VP  of  IT  at 
Pacific  Blue  Cross.  She  is  the  founding  chair  of  the 
CIO  Association  of  Canada  and  (perhaps  the  activity 
she  enjoys  most)  a  Big  Sister.  She  can  be  reached  at 
cboivie@pac.bluecross.ca. 


46 


JUNE  15,  2006  |  www.cio.com 


Motio 

Computing 


® 


INNOVATION 

in  Mo  tion 


In  the  U.S.  and  Canada,  contact  your 

Motion  Solution  Provider, 
call  1.866.MTABLET  or 
visit  www.motioncomputing.com 


Motion's  LEI  600  12.1"  display 
and  Intel®  Centrino®  Mobile 
Technology  gives  you  exceptional 
mobile  performance  and  productivity. 


MOBILE 

TECHNOLOGY 


>  Motion  Computing.  Inc.  All  rights  reserved.  All  product  information  is  subject  to  change  without  notice.  Motion  Computing,  Speak  Anywhere  and  View  Anywhere  are  registered  trademarks  and  Motion  is 
Remark  of  Motion  Computing.  Inc.  in  the  United  States  and/or  other  countries.  Microsoft  Windows.  Windows  XP  and  Windows  XP  Tablet  PC  Edition  are  either  registered  trademarks  or  trademarks  of  Microsoft 
oration  in  the  United  States  and/or  other  countries.  Intel,  Intel  logo,  Intel  Inside,  Intel  Inside  logo,  Intel  Centrino,  Intel  Centrino  logo,  Celeron  and  Pentium  are  trademarks  or  registered  trademarks  of  Intel 
oration  or  its  subsidiaries  in  the  United  States  and  other  countries.  All  other  trademarks  and  registered  trademarks  are  property  of  their  respective  owners. 


ance 

climb 


■ 


The  remarkable  Motion  LEI  600  Tablet  PC  with  Intel®  Centrino®  Mobile  Technology  and 
integrated  high-speed  wireless  delivers  exceptional  mobile  performance  and 
productivity.  Experience  the  versatility  and  mobility  of  the  Motion  LEI  600 
pre-installed  with  Microsoft®  Windows®  XP  Tablet  PC  Edition  2005. 

It's  pure  innovation  right  in  your  hands. 


Motion  recommends 


vlicrosoft®  Windows®  XP  TabletPC  Edition. 


Experience  advanced  design  features  that  let  you  move  and  work  freely  -  like 
Motion's  12.1”  View  Anywhere®  display  for  crisp,  wide-angle  viewing,  both 
indoors  and  out.  Record  audio  notes  with  Speak  Anywhere®  technology 
that  intelligently  cancels  out  unwanted  noise  and  distractions,  even 
in  loud  locations.  Go  ahead  and  push  mobile  computing  to  the 
limit  -  the  slim  Extended  Battery  keeps  you  productive 

for  up  to  a  full  day. 

The  LE1600  Tablet  PC  offers  a  true  breakthrough  in  optimizing  mobility, 
battery  life  and  flexibility.  Today's  business  world  moves  fast. 
Count  on  Motion  for  smart  mobile  computing  products 

that  keep  you  ahead  of  the  game. 


I 


Knowledge  at  Your  Fingertips 

on  ClO.com’s  White  Paper  Library 

Visit  the  CIO.com  White  Paper  Library  for  case  studies 
and  educational  tools,  searchable  by  IT  categories. 


White  Paper  Topics  Include: 
»  Business  Continuity 

»  Business  Intelligence 

» IT  Management 

»  Mobile/Wireless 

»  Open  Source 

»  Outsourcing 

»  Privacy  &c  Security 

»  SOA/Web  Services 

»  Software 

»  Storage 


in0 


'“'"'It, 


J our  r®jj£?  other  cwrn 
^7~^Continuit 


p‘>.rr 

J,*0|JrCW>9 


|gfa-?rofeci 
I  “  2*1 

feseS?* 

Lilian 

<  aSS*™* 


WrC®"’* 

“"•"Wife., 


f  .7  w  I 


;Onjj0Ofa#(. 


(Nl pSP*"' 


»  VOIP 


Business 

Technology 

Leadership 


I 


’I 


I 


INTEG 

SOA  paves  the  way  to  easier, 
faster  and  more  affordable 
Bl  integration. 


RATION'S 
THE  THING 


I 

1 

I 

If 

ip 

I 

■I 

I 


1  I 
I 

I 


I 


I 


EXECUTIVE  SUMMARY 


USINESS  INTELLIGENCE  isn't  what  it  used  to  be.  No 
longer  just  an  executive  dashboard  for  strategic  boardroom 
discussions,  business  intelligence  (Bl)  has  gone  mainstream, 
enabling  operations-level  intelligence  that  enhances  everyday  deci¬ 
sions.  Intelligence  data  must  come  from  many  sources  -  from  data 
warehouses  to  the  business  applications  themselves.  And  the  only 
way  that’s  going  to  happen  is  through  integration,  which  often  eats 
up  as  much  as  70  percent  of  Bl  implementation  budgets.  Read  this 
article  to  gain  practical  advice  on  building  a  unified  integration  Bl 
strategy  based  on  service-oriented  architecture  (SOA)  and  event- 
driven  architecture  (EDA)  -  without  breaking  the  bank. 


“I  can’t  get  that  information 
because  our  systems  just  don’t  ‘talk’ 
to  each  other.” 

Sound  like  a  familiar  complaint? 

For  many  CIOs,  it’s  a  sticking 
point  that  hits  close  to  home, 
because  the  very  information  that 
should  be  at  one’s  fingertips  -  but 
repeatedly  remains  at  arm’s 
length  -  can  significantly  impact 
the  bottom  line. 

It’s  not  that  the  data  isn’t  there. 

Rather,  it’s  everywhere,  from  data 
warehouses  to  operational  appli¬ 
cations.  Users  need  complete,  clean,  up-to-the-minute 
intelligence  that  comes  from  an  integrated  infrastructure 
of  systems  that  “talk”  to  each  other. 

With  service-oriented  architecture  (SOA)  and  the 
less-discussed  but  equally  important  event-driven 
architecture  (EDA)  technology  paving  the  way,  there’s  no 
need  for  excuses. 

Information  Enterprise 
Builders  Intelligence 

Custom  Publishing 
Advertising  Supplement 


There's  Intelligence  in  Applications 

As  organizations  continue  to  embrace  operational  busi¬ 
ness  intelligence  (OBI),  the  question  of  integration  gains 
greater  importance. 

OBI  systems  draw  information  not  just  from  data  marts 
and  warehouses,  but  also  from  a  myriad  of  other  sources 
like  RFID  devices,  CRM  solutions,  handhelds  and  more. 
And,  through  Web  services,  data  is  even  coming  from  ven¬ 
dors,  customers  and  other  third  parties.  Making  matters 
more  complex,  these  applications  range  from  the  home¬ 
grown  to  standards-based  commercial  packages  and  pro¬ 
prietary  enterprise  systems.  Information  from  disparate 
sources  must  be  prepared  for  manipulation,  analysis,  and 
delivery,  in  real  or  near-real  time. 

“People  derive  value  from  information 
when  they  get  the  right  data  coming  from 
the  right  systems  at  the  right  time,”  says 
Jake  Freivald,  vice  president  of  product 
marketing  for  iWay  Software,  a  NYC-based 
Information  Builders  company  and  an 
innovator  of  enterprise  integration  solu¬ 
tions.  “Sometimes  people  really  struggle  to 
get  that  data,  so  they  try  difficult  tasks  like 
sun  setting  or  eliminating  legacy  systems  - 
but  that’s  a  major  risk,  and  it  often  doesn’t 
solve  the  problem.  The  trick  is  getting  the 
most  out  of  what  you  already  have.” 

Integration  Takes  Center  Stage  in  Strategies 

With  seamless  integration,  any  data  is  accessible  - 
regardless  of  where  and  how  it’s  stored. 

“Even  so,  integration  is  always  the  biggest  headache  for 
organizations  as  they  build  and  maintain  complex  IT 
infrastructures  that  impact  critical  business  operations,” 
says  Kevin  Quinn,  vice  president  of  product  marketing  at 
Information  Builders,  a  NYC-based  provider  of  business 
intelligence  and  real-time  Web  reporting.  “In  fact,  integra¬ 
tion  is  so  time-consuming  and  expensive  that  it  often  eats 
up  70  percent  of  Bl  implementation  budgets.  One  com¬ 
pany  we  helped  had  four  people  doing  Bl,  and  12  support- 


ADVERTISING  SUPPLEMENT 


B  .  1 

1  N  T  E  G  R  A  T  1 

1  O  N 

CASE  STUDY 

Putting  SOA  to  Work  in  the  Real  World 

One  Information  Builders  customer  needed  to  provide  its  call  center 
reps  with  a  complete,  up-to-the-minute  view  of  any  customer  at  any 
given  time.  That  view  required  two-way  interactions  with  dozens  of 
systems,  including  customer-facing  Web-based  applications,  point-of- 
sale  terminals,  marketing,  shipping,  accounting,  and  so  on.  Imagine, 
for  instance,  a  customer  who  has  bought  something  online  and  is  now 
trying  to  return  it  to  a  store. 

By  focusing  on  the  available  business  data  and  the  required  business  serv¬ 
ices,  the  company  converted  an  existing  data  warehouse  -  previously  only 
used  by  1 00  business  analysts  -  into  a  real-time  data  store  that  now  serves 
more  than  6000  call  center  personnel  through  a  common  set  of  reusable 
services.  The  company's  Bl  system  usage  went  way  up,  the  cost  per  user  went 
way  down,  and  its  call  center  reaped  the  rewards -as  did  its  customers. 


ing  the  data  integration  effort.  That’s  the  wrong  ratio." 

To  start,  a  keen  understanding  of  what  users  need  is 
paramount.  Identify  the  systems  and  applications  that  need 
to  talk.  Target  the  relevant  data,  from  data  fields  and  event 
triggers  to  Web  services.  Then,  look  for  a  solution  that  sim¬ 
plifies  complex  data  environments. 

CIOs  need  to  develop  data  integration  strategies  that 
best  fit  their  organizations’  needs  and  business  processes. 
Quinn  says  there  are  several  options: 

•  Create  decentralized  aggregate  data  marts  throughout 
your  organization 

•  Take  a  hybrid  approach  by  allowing  drill-down  from  a 
warehouse  to  operational  applications 

•  Leverage  real-time  transactions  to  alert  users  of  events 
as  they  unfold 

The  Technology  Behind  the  Tools:  SOA  and  EDA 

Any  BI  solution  relies  on  integration  technology  to  support 
its  tools.  “To  do  BI  well,  you  need  to  anticipate  technical 
heterogeneity  and  constant  business  change,”  says 
Freivald.  “In  other  words,  you  need  a  flexible  and  highly 
interoperable  integration  platform.” 

Industry  analysts  often  point  to  service-oriented  archi¬ 
tecture  (SOA).  “That’s  because  service  orientation  aligns  IT 
with  business  processes,”  Freivald  notes.  “Businesspeople - 
the  ones  who  need  to  be  served  by  service-oriented  archi¬ 
tecture  -  use  business  terms  and  business  data  to  say  what 
service  they  want.  IT  delivers  a  service  that  meets  the  need, 
regardless  of  what  underlying  applications  they  use  to 
implement  it.  The  applications  become  less  important  than 
the  services  they  provide.” 

According  to  a  report  from  Boston-based  Aberdeen 
Group,  a  research  company  that  explores  technology’s 
impact  on  business  and  consumers,  “SOA  middleware  is 
the  fastest  way  available  to  create  powerful,  re-usable  busi¬ 
ness  services  from  existing  applications." 


The  SOA  approach  promises  to  elimi¬ 
nate  time-consuming  and  costly  custom 
integration  code  and  simplify  the  skills 
needed  for  design,  deployment  and  main¬ 
tenance  of  OBI. 

It’s  important  to  build  event  triggers  into 
an  OBI  strategy  by  using  an  event-driven 
architecture  (EDA)  that  allows  messages  to 
be  shared  between  applications.  “An  event  is 
a  message  that  carries  business  data.  It  tells 
different  parts  of  the  business  that  some¬ 
thing  relevant  happened.  It  can  be  delivered 
over  any  communication  mechanism,  with 
any  enveloping  of  information,”  explains 
Freivald.  For  example,  a  “purchase  order” 
message  received  from  a  business  partner 
could  be  considered  an  event  and  could  trig¬ 
ger  responses  across  ERE  accounting  and  CRM  applications. 

“A  data  integration  platform  based  on  SOA  and  EDA 
optimizes  the  utilization  of  a  company’s  most  data-packed 
IT  resources,”  says  Freivald.  “And  shouldn’t  a  BI  strategy 
tap  into  that?” 

A  technology  called  ESB  (enterprise  service  bus)  brings 
together  service-oriented,  event-driven  and  message-ori¬ 
ented  approaches  to  integration.  As  the  central  component 
of  such  architectures,  it  enables  organizations  to  create, 
compose,  and  manage  services  -  whether  invoked  as  Web 
services  or  through  other  interfaces.  “An  ESB  offers  a  highly 
distributed,  platform-agnostic  approach  to  integration, 
providing  standards-based  support  for  messaging,  Web 
services,  routing  and  data  transformation,  without  writing 
code,”  adds  Freivald. 

There  are  no  more  excuses  for  lack  of  information.  The 
data  is  there.  But  it  must  be  made  accessible  with  the  right 
OBI  integration  strategy. 

To  explore  various  BI  integration  options,  check  out 
Information  Builders’  BI  Essentials  [http://www.biessen- 
tials.com/] ,  a  resource  library  to  help  CIOs  navigate  the  chal¬ 
lenges  of  unifying  integration  for  successful  BI  strategies.  • 

About  iWay  Software 

iWay  Software,  an  Information  Builders  company, 
accelerates  business  integration  by  providing  tools  that 
make  service-oriented  architectures  easy  to  implement. 
For  more  information,  visit  www.iwaysoftware.com. 

About  Information  Builders 

Information  Builders  is  the  leader  in  enterprise  business 
intelligence  and  real-time  Web  reporting.  The  company's 
WebFOCUS  product  -  the  industry's  most  secure  and 
flexible  -  is  able  to  meet  all  the  reporting  needs  of  the 
extended  enterprise. 

For  more  information,  visit  www.informationbuilders.com 
or  call  1-800-969-INFO. 


2 


Cover  Story 


THE 

TRUTH 

ABOUT 


In  which  we  pour 
some  cold  water  on 
the  hype  and  answer 
your  questions  about 
why,  how  and  when 
you  should  (or  should 
not)  start  thinking 
about  implementing 
a  service-oriented 
architecture 

BY  CHRISTOPHER  KOCH 


CIOs  are  chasing  a  distant  dot  on  the 

horizon  called  agility  (the  ability  to  change  IT  quickly 
to  fit  business  needs)  and  the  dot  is  receding. 

Fast. 

A  recent  survey  by  the  Business  Performance 
Management  Institute  found  that  only  11  percent  of 
executives  say  they’re  able  to 
keep  up  with  business  demand 
to  change  technology-enabled 
processes— 40  percent  of 
which,  according  to  the  survey, 
are  currently  in  need  of  IT 
attention.  Worse,  36  percent 


Reader  ROI 

Why  service-oriented 
architecture  demands  a 
long-term  commitment 

How  to  ensure  that  a 
service  gets  reused 

Why  business  process 
complexity  is  a 
prerequisite  forSOA 


www.cio.com  |  JUNE  15,  2006 


4 


Cover  Story 


Service-Oriented  Architecture 


report  that  their  company’s  IT  departments  are  having 
either  “significant  difficulties”  (27  percent)  or  “can’t  keep  up 
at  all”  (9  percent). 

Service-oriented  architecture,  or  SOA,  is  the  latest  in  a 
long  line  of  highly  hyped  strategies  designed  to  bring  that 
disappearing  dot  back  into  view.  By  mirroring  in  technol¬ 
ogy  important  chunks  of  business  processes  (“credit  check” 
or  “customer  record,”  for  example),  SOA  promises  to  give 
companies  a  portfolio  of  services  that  can  be  mixed  quickly 
and  matched  expeditiously  to  create  automated  business 
processes,  thereby  reducing  application  development  time 
and  costs  by  as  much  as  50  percent. 

From  its  humble  origins  in  object-oriented  design  and 
component-based  software  development  methodologies, 
SOA  has  moved  into  a  rarefied  realm  of  expectations.  SOA, 
the  story  goes,  isn’t  merely  designed  to  remake  IT;  it’s  going 
to  be  a  magic  bullet  to  transform  the  businesses  that  IT 
serves  too. 

CIOs,  usually  a  skeptical  crowd,  are  helping  drive  these 
expectations.  According  to  a  recent  Forrester  Research  sur¬ 
vey,  46  percent  of  large-enterprise  SOA  users  (and  about 
27  percent  of  SOA  users  at  midsize  and  smaller  enterprises) 
said  they’re  using  SOA  to  “achieve  strategic  business  trans¬ 
formation.”  Surveys  from  other  research  companies  report 
the  same  enthusiasm,  with  “competitive  advantage”  being 
the  most  popular  expectation  in  a  Summit  Strategies  sur¬ 
vey,  and  the  ability  to  “develop  new  capabilities  and  prod¬ 
ucts”  topping  the  list  for  Aberdeen  Group’s  respondents. 

In  a  recent  ClO/Computerworld  survey,  77  percent  of  respon¬ 
dents  said  SOA  would  result  in  greater  business  flexibility. 

And  it  may  do  all  that  and  more. 

Just  not  yet. 

Even  Harder  Than  You  Think 

SOA  is  far  from  being  a  proven  concept  (only  16  percent  of 
companies  in  the  Aberdeen  survey  have  more  than  24 
months  of  experience  with  SOA  technologies),  and  the 
companies  that  have  had  the  most  success  with  it  so  far 
are  those  that  always  have  success  with  technology:  big 
companies  with  big  IT  budgets  whose  business  is  technol¬ 
ogy-based  (think  telecom  and  financial  services).  They  also 
tend  to  have  supportive,  technologically  sophisticated 
business  leaders. 


For  companies  without  these  advantages,  SOA  may  not 
be  the  panacea  it’s  being  made  out  to  be. 

That’s  because  SOA  demands  a  bigger  investment  and 
a  longer  strategic  commitment  than  CIOs  may  think. 

The  tactical  part— service-oriented  development— is  a 
surmountable  technical  challenge.  But  the  strategic  part- 
creating  an  architecture  based  on  a  portfolio  of  services— 
asks  that  CIOs  make  a  compelling  case  for  enterprise 
architecture,  a  centralized  development  methodology  and 
a  centralized  staff  of  project  managers,  architects  and 
developers.  It  also  requires  a  willing  CEO  and  executive 
staff  to  pave  the  way  for  IT  to  dive  in  to  the  core  business 
processes  of  the  company.  Understanding  those  processes 
and  getting  buy-in  on  enterprise  sharing  are  the  real  sine 
qua  nons  of  SOA-based  business  transformation. 

For  companies  without  technology  products,  big  budgets 
or  business  leaders  who  chant  the  CIO’s  name  every  time 
he  comes  into  the  room,  SOA  is  neither  a  guaranteed  path  to 
business  transformation  nor,  in  some  cases,  even  desirable. 
For  smaller  companies,  for  companies  that  have  made  big 
bets  on  integrated  application  suites  and  for  companies  that 
already  have  solid  application  integration  strategies  in 
place,  SOA  isn’t  a  “when,”  it’s  an  “if.”  CIOs  need  to  pursue 
an  SOA  strategy  carefully  because  the  service  development 
and  architecture  planning  pieces  of  SOA  are  distinct  but  not 
independent— they  need  to  be  considered  and  executed  in 
parallel.  Services  built  in  isolation,  without  taking  into 
account  the  architectural  and  business  goals  of  the  com¬ 
pany,  may  have  little  potential  for  reuse  (one  of  SOA’s  most 
important  benefits)  or  may  fail  outright.  Grand  architec¬ 
tural  planning  exercises  may  drag  on  endlessly,  without 
providing  any  real  business  benefit. 

And  that  dot  on  the  horizon,  agility,  is  difficult  to  quan¬ 
tify.  “We  can’t  say,  Do  SOA  because  it  will  give  you  a  much 
more  flexible  set  of  systems,”  says  Daniel  Sholler,  Gartner’s 
vice  president  of  research.  “There’s  no  metric  that  says  if 
I’m  more  agile  I  will  save  X  percent.  The  number-one 
difficulty  with  SOA  is  that  it’s  hard  to  get  the  ROI  down 
to  the  spreadsheet  level.”  Indeed,  a  survey  by  integration 
software  maker  WebMethods  found  that  the  top  two 
inhibitors  to  SOA  were,  respectively,  a  lack  of  general 
knowledge  and  the  difficulty  of  quantifying  its  ROI. 

Indeed,  there’s  no  inherent  ROI  in  any  technology 
strategy,  cautions  David  Johns,  senior  vice  president,  CIO 


50 


JUNE  15,  2006  |  www.cio.com 


.INFRASTRUCTURE  LOG 


_  t  BMi® 

_DAY  8:  I  give  up.  Our  infrastructure  is  so  inflexible. 

Our  apps  and  processes  don’t  work  together.  We  can’t 
respond  quickly  to  change.  It’s  out  of  control. 

_DAY  10:  Gil  had  an  epiphany.  Duct  tape.  A  few 
dozen  rolls  later  and  he’s  integrated  everything,  and 
everyone,  by  hand. 

_DAY  13:  I’ve  found  something  better:  IBM  WebSphere 
middleware.  It’ll  make  our  infrastructure  more 
flexible  by  seamlessly  integrating  our  apps,  even  those 
from  SAP  and  Oracle.  We  can  change  processes  in  a  snap, 
and  IBM’s  industry-specific  expertise  helps  enable  a 
service  oriented  architecture. 

_Hmmmmm. . .WebSphere.  More  powerful  than  duct  tape. 


WebSphere. 


Download  our  IBM  SOA  Assessment  Tool  at: 

IBM.COM/TAKEBACKCONTROL/SOA 


>  .  .  rfifj:  t  j  .  '  ■  •  i 

IBM,  the  IBM  logo  and  WebSphere  are  registered  trademarks  of  International  Business  Machines  Corporation  in  the  United  States  and/or  other  countries.  ©2006  IBM  Corporation.  SAP  i: 
registered  trademark  of  SAP  AG  in  Germany  and  in  several  other  countries.  Oracle  is  a  registered  trademark  of  Oracle  Corporation  and/or  its  affiliates.  All  rights  reserved. 


Cover  Story 


Service-Oriented  Architecture 


and  chief  supply  chain  officer  for  Owens  Corning,  a  build¬ 
ing  materials  manufacturer.  Therefore,  he  says,  “Develop¬ 
ing  a  service-oriented  architecture  is  not  our  goal.  Driving 
productivity  and  driving  waste  out  of  the  supply  chain  are 
the  goals,  and  we’ll  look  at  technology  solutions  from  that 
aspect  rather  than  what  the  industry  may  say  is  the  latest, 
greatest  thing.” 

Some  are  even  more  dubious.  “Companies  are  creating 
a  complex  bureaucracy  around  something  that  90  percent 
of  the  time  is  overkill,”  says  Thomas  Gagne,  CTO  of 
InStream  Financial,  a  software  and  financial  services 
vendor.  “Why  are  we  replacing  technology  and  obsolesc- 
ing  our  employees’  skills  faster  than  we’re  realizing  the 
benefits  of  the  previous,  now  supposedly  inadequate 
technologies?” 

That’s  a  difficult  question  CIOs  need  to  ask  themselves 
before  entering  SOA’s  business  transformation  revival  tent. 
Here  are  a  few  more: 


The  Questions, 

The  Answers 

Q:  SOA  is  a  technology  architecture. 
How  do  you  make  a  business  case 
for  a  new  technology  architecture? 

A '  You  don’t.  “Don’t  talk  to  the  business  about  SOA 
because  the  business  doesn’t  care,”  says  Forrester  Research 
analyst  Randy  Heffner.  The  business’s  interest  in  SOA 
extends  only  as  far  as  it  cuts  the  cost  of  applications  and 
gets  them  running  faster.  But  simply  rewriting  code  in  the 
form  of  a  service  doesn’t  deliver  those  kinds  of  benefits.  To 
start  down  the  road  to  building  an  SOA,  there  needs  to  be 
multiple  redundant  IT  applications  that  can  be  consolidated 
into  a  single  service,  or  the  possibility  for  multiple  areas  of 
the  business  to  use  a  single  service.  To  speak  to  the  busi¬ 
ness,  quantifying  the  redundancy  helps.  “I  know  for  a  fact 
that  the  same  data  is  being  extracted  by  at  least  26  different 
applications  in  our  environment  for  different  purposes,” 
says  Jeff  Gleason,  director  of  IT  strategies  for  Transamerica 
Life  Insurance,  annuity  products  and  services  division. 
“We’re  extracting  it  and  paying  to  store  it  in  all  those 
different  places.  Just  getting  rid  of  those  support  costs  is 
a  big  deal.” 

But  there  is  also  a  flexibility  quotient  to  SOA  that  can 
add  value— if  it  is  focused  on  a  critical  business  process. 

At  ProFlowers.com,  for  example,  there  are  no  redundant 
applications  or  multiple  business  units  clamoring  for 


services.  But  splitting  the  flower  ordering  process  into 
discrete  services  means  each  component  can  be  isolated 
and  changed  as  needed  to  handle  the  spikes  in  demand  that 
occur  around  holidays,  according  to  ProFlowers  CIO  Kevin 
Hall.  When  ProFlowers  had  a  single,  monolithic  applica¬ 
tion  handling  the  process,  a  single  change  in  the  process  or 
a  growth  in  transaction  volume  (on,  say,  Valentine’s  Day) 
meant  tearing  apart  the  entire  system  and  rebuilding  it. 

In  the  new  system,  a  server  farm  responds  to  spikes  in 
activity  during  each  phase  of  the  ordering  process  by 
transferring  storage  capacity  to  the  specific  service  that 
needs  it  most.  The  system  is  much  more  predictable  now, 
and  there  have  been  no  outages  since  the  service-enabled 
process  was  rolled  out  beginning  in  2002,  according  to 
Hall.  “Because  we  can  scale  horizontally  [more  servers] 
and  vertically  [splitting  up  services],  I  don’t  have  to  buy  all 
the  hardware  to  serve  every  service  at  its  peak  load,”  he 
says.  “You  don’t  have  to  be  able  to  eat  the  elephant  in  one 
bite  anymore.” 

Q:  When  is  SOA  not  a  good  idea? 

A  l  Complexity  is  the  prime  prerequisite  for  SOA.  Small 
companies  that  are  consolidated  on  a  single  infrastructure 
(like  Microsoft)  and  don’t  have  complex  application  inte¬ 
gration  requirements  are  not  candidates  for  SOA.  Larger 
companies  whose  application  infrastructure  comes  mostly 
from  a  single  vendor  (60  percent  or  more,  according  to 
experts  we  spoke  to)  will  want  to  think  carefully  about 
whether  building  their  own  SOA  is  necessary  or  wise. 

Then  comes  speed,  and  the  need  for  it.  If  processes  don’t 
need  to  change  quickly,  then  transforming  IT  in  order  to  be 
able  to  change  them  more  quickly  is  pointless. 

At  Owens  Corning,  75  percent  of  its  software  applica¬ 
tions  come  from  SAR  Owens  Coming’s  products  are 
manufactured  and  sold  in  similar  ways  around  the  globe, 
which  means  CIO  Johns  has  long  driven  a  strategy  of 
business  process  integration  through  SAP’s  applications. 
“SAP  is  the  integration  strategy,”  Johns  says.  His  goal  is  to 
unify  all  of  the  company’s  worldwide  divisions  on  a  single 
version,  or  “instance,”  of  SAP  running  on  a  single  data¬ 
base.  He  is  also  monitoring  SAP’s  strategy  of  service¬ 
enabling  its  applications  to  create  a  ready-made  SOA  for 
its  customers.  (See  “If  You  Can’t  Beat  ’Em,  Integrate  ’Em,” 
Page  58.) 

Global  manufacturer  Whirlpool  has  also  placed  a  big  bet 
on  SAP  and  global  process  integration,  which,  to  Esat  Sezer, 
the  company’s  corporate  VP  and  CIO,  makes  more  sense 
than  application  integration.  “I’m  not  dealing  with  that 
anymore,”  he  says.  “I  have  outsourced  that  to  SAP.  I  look 
forward  to  SAP  handling  integration  requirements  that  I 
used  to  have  to  handle  myself.” 


52 


JUNE  15,  2006  |  www.cio.com 


other  countries.  All  rights  reserved. 


MEET  THE  FOREST 

(SAY  GOODBYE  TO  THE  TREES) 


Introducing  Intel®  vPro™  technology. 

It's  the  most  exciting  leap  in  business  desktop 
computing  since  the  introduction  of  the 
Intel  Pentium  processor  over  a  decade  ago. 

The  new  Intel  vPro  technology  is  much 
more  than  just  a  new  processor. 

It's  a  remarkable  combination  of  new 
technology  that  is  optimized  for  business, 
Just  about  every  repetitive  task  (installing 
software,  upgrading  licenses,  running 
diagnostics)  is  made  more  simple  and 
more  efficient. 

Pro  Security. 

Intel  vPro  technology  is  optimized  to 
provide  additional  security  at  the  hardware 
level  of  your  desktop  PC.  Now  users 
can't  unknowingly  (or  even  knowingly) 
disable  security  features,  in  fact,  Intel 
vPro  technology  can  even  isolate  infected 
PCs  from  the  rest  of  the  network  so  your 
company  can  stay  online  and  productive. 

Pro  Savings. 

Seventy-five  percent  of  all  IT  budgets  is 
spent  on  maintenance  and  integration  costs. 
Intel  vPro  technology  enables  third-party 


software  solutions  to  manage,  secure  and 
inventory  your  PCs  regardless  of  power 
state  or  the  health  of  the  OS,  Saving  you  time 
and  money. 

Pro  Performance. 

How  is  this  possible?  These  benefits  all 
run  on  dual-core  technology  that  enables 
a  responsive  end-user  experience.  Even 
with  your  security  and  management  tasks 
running  in  the  background. 

Now  your  network  of  PCs  can  actually  report 
where  they  are,  what  they're  doing  and  how 
they're  feeling. 

Intel  vPro  technology  is  a  desktop 
architecture  that  is  designed  to  add 
functionality,  security  and  manageability  to 
the  solutions  and  equipment  you  already 
have  installed, 

Be  Pro  Active.  Go  Pro. 

^  You'll  be  reading  and  hearing 
"/  more  about  Intel  vPro 
technology  in  the  next  few 
vPro'  weeks  and  months.  You  can  find 
detailed  information  on  how 
new  Intel  vPro  technology  will  help  your 
company  or  organization  at  intel.com. 


Cover  Story  |  Service-Oriented  Architecture 


Q:  Creating  a  service  requires  more 
planning  and  design  than  traditional 
application  development  and 
integration.  How  much  extra  does 
service-enablement  cost? 

A !  Forrester’s  Heffner  estimates  that  the  extra  work 
involved  in  service-oriented  development  can  range  from 
30  percent  to  100  percent  more  at  the  design  stage,  which 
makes  up  10  percent  or  less  of  the  overall  cost  of  an  applica¬ 
tion  project.  The  extra  effort  is  necessary  to  create  a  service 
that  can  be  used  in  many  areas  of  the  business,  each  with 
their  own  particular  needs.  Transamerica’s  Gleason  says 
that,  for  example,  services  that  deal  with  insurance  premium 
payments  from  customers 
generally  need  to  accommo¬ 
date  multiple  delivery  chan¬ 
nels— say,  a  website,  a  bank 
wire  transfer  or  a  call  center- 
depending  on  the  process  for 
each  business  unit.  Under¬ 
standing  the  ways  each  unit 
wants  to  consume  the  serv¬ 
ices  is  part  of  the  design  work 
and  is  critical  to  getting  units 
to  agree  to  use  the  same 
service. 

But  businesspeople  are 
often  aware  of  the  extra  effort 
required  for  services  and  may  not  want  to  pay  for  them. 

“I’ve  heard  this  a  hundred  times,”  says  Gleason.  “A  business 
sponsor  says,  ‘Well,  if  you’re  going  to  make  me  pay  for  creat¬ 
ing  this  service  the  first  time,  you  just  blew  away  the  cost 
benefit  of  my  project,  and  it’s  not  going  to  get  sponsored. 
And  so  I  want  you  to  go  ahead  and  hard-code  the  integra¬ 
tion  because  I  need  that  functionality.’  But  then  my  job  is  to 
help  them  see  how  creating  that  service  is  not  really  a  proj¬ 
ect  artifact;  it  is  a  business  architecture  artifact.  We’re  creat¬ 
ing  a  piece  of  our  business  infrastructure  that  can  be  reused 
and  changed.  Once  you  get  people  to  understand  the 
requirement  for  doing  that,  then  they  stop  worrying  about 
whether  it  costs  more  to  create  it  initially  than  it  would  to 
hard-code  the  thing.” 

Q:  How  much  reuse  can  I  expect 
from  services?  And  what  does  that 
mean  in  real  dollars? 

A  *  Reuse  of  services  can  vary  widely  and  depends  on  the 
rigor  of  the  design,  which  in  turn  depends  on  the  abilities  and 
experience  of  the  developers  and  project  managers,  says 


Heffner.  Reuse  also  depends  on  the  level  of  architectural  plan¬ 
ning  that  surrounds  the  specific  service.  For  example,  a  serv¬ 
ice  has  more  chance  for  reuse  if  it  is  developed  as  part  of  a 
broad  SOA  strategy  that  includes  uniform  development 
methodologies,  a  centralized  architecture  planning  staff  and 
business  analysts  who  can  examine  processes  across  the  com¬ 
pany  and  incorporate  the  unique  needs  of  the  business  units 
into  the  design  of  the  service.  “If  a  service  isn’t  designed  with 
knowledge  of  how  other  parts  of  the  organization  may  want  to 
use  it,  it’s  unlikely  that  those  groups  will  adopt  it,”  says  Glea¬ 
son.  Worse,  designing  a  one-off  service  could  lead  to  duplica¬ 
tion  of  effort  down  the  road.  “You  may  need  to  create  a  second 
service  to  complement  it  because  you  don’t  have  time  to  mod¬ 
ify  the  first,  or  perhaps  you’re  going  to  have  to  rebuild  the 
thing  because  now  it  doesn’t  meet  your  requirements,”  says 

Gleason.  “In  the  long  run, 
there’s  no  hope  for  business 
process  integration,  or  busi¬ 
ness  process  management,  if  I 
don’t  look  at  services  from  an 
architecture  perspective.” 

But  if  a  service  can  be 
reused  even  once,  it  can  have 
an  exponential  effect  on  sav¬ 
ings,  according  to  Heffner. 
Even  though  services  require 
more  up-front  design  work, 
reuse  means  there  will  be  no 
costs  for  design,  coding  or 
unit  testing  the  next  time 
around.  Together,  these  steps  account  for  about  40  percent 
of  a  software  project  cost. 

Veterans  caution  that  it’s  difficult  to  predict  the  reusabil¬ 
ity  of  services.  Sizing  the  services  properly  (known  as  gran¬ 
ularity)  so  they  don’t  try  to  do  too  much  or  too  little  is  an  art. 
“We  have  challenges  with  granularity,”  says  Howie  Miller, 
VP  of  integration  architecture  for  IBM’s  internal  IT  group. 
“I’d  say  30  percent  of  our  assets  drive  90  percent  of  the 
return  because  they  are  sized  better,”  says  Miller.  Heffner 
agrees:  “At  one  auto  company  I’ve  talked  to,  they  had  some 
services  that  were  used  20  times  and  others  that  were  used 
only  once.” 

Q:  I  need  to  show  value  to  the 
business  for  everything  I  do.  How 
do  I  balance  the  architecture 
planning  with  the  need  to  prove 
value  to  the  business  quickly? 

A  ‘  Architectural  planning  is  time-consuming.  Service- 
oriented  development,  drawing  upon  well-known  pro- 


“If  a  service  isn’t  designed 
with  knowledge  of  how 
other  parts  of  the  organi¬ 
zation  may  want  to  use  it, 

it’s  unlikely  that  those 
groups  will  adopt  it.” 

-DIRECTOR  OF  I.T.  STRATEGIES  JEFF  GLEASON, 
TRANSAMERICA  LIFE  INSURANCE 


54 


JUNE  15,  2006  |  www.cio.com 


Printing  in  color. 


"#1  Copier/Multifunction  Product  in  Overall 
Customer  Satisfaction  Among  Business  Users" 

-  According  to  J.D.  Power  and  Associates 


Big  Impact,  Low  Cost:  Kyocera  Color  Solutions  (or  Business 

Add  vivid  color  to  your  documents  for  better  business  results.  Kyocera  offers  you  a  wide 
range  of  color  solutions,  all  with  a  very  low  total  cost  of  ownership.  From  desktop  printers  to 
high  volume  MFPs,  choose  Kyocera  for  award-winning  reliability  and  proven  performance. 
And,  to  find  out  what  you  can  do  to  reduce  your  printer  costs,  try  our  TCO  Tracker.*  This 
online  tool  allows  you  to  calculate  what  you'd  save  by  switching  from  your  current  printer 
to  an  equivalent  Kyocera  printer. 

That's  the  power  of  People  Friendly.  Learn  more:  www.lcyoceramita.com 


The  New  Value  Frontier 

$  icyocERa 


KYOCERA  MITA  CORPORATION.  KYOCERA  MITA  AMERICA.  INC.  ©2006  Kyocera  Mita  Corporation.  “People  Friendly,"  "The  New  Value  Frontier,"  the  Kyocera  “smile"  and  the  Kyocera  logo  are  trademarks  of  Kyocera.  J.D.  Power 
and  Associates  2005  Copier  Customer  Satisfaction  Study™.  Study  based  on  responses  from  1,730  business  decision  makers.  16  major  brands  serving  the  U.S.  market  were  included,  www.jdpower.com  ’Source:  Current  Analysis,  Inc. 


■0 


I've  decided  to  change  the  rules.  From  now  on,  threats  will  be  afraid  of  me. 

Dynamic  Networking  from  AT&T  analyzes  real-time  traffic  over  the  AT&T  network  to 
predict  security  threats  before  they  become  security  breaches.  With  firewalls  and 
intrusion  protection,  the  AT&T  network  provides  Anthony  with  a  front  line  of  defense 
and  the  confidence  to  take  his  network  wherever  he  needs.  With  real-time  repotting 
of  security  issues,  potential  threats  are  on  Anthony's  radar,  but  not  on  his  network. 


att.com/networking 


1  V 


Cover  Story  |  Service-Oriented  Architecture 


gramming  principles  and  widely 
available  technology  standards 
(such  as  SOAP,  HTTP  and  so  on), 
can  happen  a  lot  faster.  But  the  two 
need  to  happen  in  parallel,  say 
experts.  “We  do  development  proj¬ 
ects  as  needed  and  then  on  the  side 
we  have  a  longer  multiyear  project 
of  mapping  out  the  processes  and 
building  enterprise-level  services,” 
says  Kurt  Wissner,  managing 
director  of  enterprise  architecture 
and  development  for  American 
Electric  Power  (AEP).  “People 
need  to  see  the  benefit  of  SOA 
pretty  quickly.  That’s  why  I  like 
the  project  route,  because  other¬ 
wise  you  don’t  have  anything  tan¬ 
gible  to  sell  to  anyone  about  why 
you’re  doing  this.” 

While  it  would  help  to  have  the 
architectural  plan  and  the  process 
mapping  in  place  before  building 
the  services  (to  improve  the 
chances  for  reuse),  architecture 
planning  has  no  short-term  pay¬ 
back,  which  can  be  devastating.  “I 
tried  to  boil  the  ocean  at  another 
company  and  I  failed,”  recalls 
Wissner.  “We  did  a  big  multimil- 
lion-dollar  architecture  plan  that 
duplicated  what  we  already  had.  It 
didn’t  provide  much  value  over  tra¬ 
ditional  point-to-point  integration, 


and  we  had  nothing  to  show  for  our 
efforts.  If  you  start  with  the  entire 
enterprise,  there  are  too  many  risks 
you  might  fail.” 

By  taking  the  enterprise  plan¬ 
ning  in  smaller  chunks  at  AEP, 
Wissner  can  more  easily  recover 
from  setbacks.  “We’ve  had  hiccups 
but  could  take  corrective  action 
because  the  issue  wasn’t  that  big,” 
he  says.  “If  you  break  it  into  simpler 
pieces,  it’s  more  easily  digestible.” 

“Business  processes  change  all 
the  time,”  adds  Praveen  Sharabu, 
director  of  enterprise  architecture 
and  infrastructure  for  transporta¬ 
tion  company  Con-Way.  “Nobody 
can  wait  for  two  years  while  you 
document  everything,  and  it  will  be 
obsolete  by  the  time  you  finish.” 

Q:  I  can’t  afford  to 
build  a  million  different 
services.  How  do  I 
know  which  services 
will  provide  the  most 
value  for  my  invest¬ 
ment? 

A  *  When  in  doubt,  start  with 
processes  that  involve  customers, 
directly  affect  revenue  and  address 
a  specific  pain  point  in  the  business. 


‘Developing  a  service-oriented 
architecture  is  not  our  goal. 

Driving  productivity  and 
driving  waste  out  of  the  supply 
chain  are  the  goals,  and  we’ll  look  at 
technology  solutions  from  that 
aspect  rather  than  what  the 
industry  may  say  is  the  latest, 

greatest  thing.”  -CIO  DAVID  JOHNS,  OWENS  CORNING 


www.cio.com  |  JUNE  15,  2006  57 


'  Civ :  "  ■  i 


Dynamic 


i 


Networking. 

Delivered. 


Dynamic  Networking  from 
AT&T  is  a  comprehensive 
approach  to  optimizing 
business  performance 
including  the  services  and 
intelligence  of  a  converged 
networking  environment. 


Converged  networking 
delivers: 


High-performing 
business  applications  for 
greater  value,  efficiency 
and  productivity. 


Information  delivered 
faster  to  the  people 
who  need  it  —  decision 
makers,  sales,  customers 
and  suppliers  —  for 
increased  collaboration 
and  responsiveness. 


Improved  control  across 
all  activities  in  the 
organization  to  identify 
changing  circumstances 
and  adjust  network 
performance  in  response. 


One  global  IP  network 
that  reaches  127  countries 
for  flexible  growth. 


Learn  how  Dynamic 
Networking  can  enable 
your  enterprise  by 
downloading  the  white 
paper  series,  Convergence, 
A  Four  Point  Framework,  at 
att.com/networking. 


The  new 


at&t 


Your  world.  Delivered. 


v-  AW  ;7.p 


Cover  Story 


Service-Oriented  Architecture 


A  2006  survey  by  the  Business  Performance  Management 
Institute  found  evolving  customer  needs  and  preferences  to 
be  the  top  driver  in  business  process  change  or  the  intro¬ 
duction  of  new  applications,  followed  by  competitive 
threats  and  new  revenue  opportunities.  (Cost  savings  was  a 
distant  fourth.)  “Externally  facing  applications  are  the  ones 
that  provide  the  most  business  value,  and  they  have  a  good 
set  of  change  requirements  that  come  up  very  often,”  says 
Gartner’s  Sholler.  “If  you  can  improve  those  applications  by 
10  percent,  it’s  better  than  improving  lower-level  applica¬ 
tions  by  50  percent.”  Of  course,  adds  Sholler,  SOA  may  not 
provide  more  value  than,  say,  a  good  packaged  application. 
“But  if  it’s  something  you  would  have  to  build  yourself  any¬ 
way,  you  need  to  do  it  service-oriented,”  he  says. 

Q:  How  will  SOA  affect  my  IT  group? 

A  \  If  you  have  a  decentralized  company,  be  prepared  for  a 
struggle.  SOA  drives  centralization.  Indeed,  it  demands  it. 
“You  have  to  have  someone  heading  it  up,  and  you  have 
to  have  one  individual  or  small  team  manage  the  architec¬ 
ture,”  says  Mike  Falls,  senior  system  engineer  for  Fastenal, 
an  industrial  and  construction  supply  company.  “If  each 
team  is  left  to  itself,  they  may  each  come  up  with  different 
ways  of  building  services.  You  need  one  group,  one  set 
of  research  and  someone  to  make  sure  the  development 
groups  are  sticking  to  the  serv¬ 
ice  development  methodology.” 

As  the  service  portfolio 
grows,  the  development 
process  may  begin  to  look  like 
an  assembly  line.  “It  becomes  a 
factory,”  says  AEP’s  Wissner. 

“You  have  these  different  proj¬ 
ect  teams  that  you  funnel  work 
through,  and  they  can  grow 
and  shrink  as  required.” 

Once  the  SOA  factory  gets 
ramped  up,  expect  to  add  more 
project  managers,  business 
analysts  and  architects  as  the 
productivity  of  the  developers 
increases,  says  ProFlowers’ 

Hall.  “Two  developers  can  now 
do  the  work  of  six,”  he  says. 

“That  means  the  architects  and 
project  managers  are  running 
to  keep  up  with  the  output  of  the  engineers.  We  are  probably 
doing  50  percent  more  work  than  we  did  three  years  ago.” 

Those  programmers  need  to  understand  object-oriented 
programming  and  distributed  applications— and  that  means 
an  investment  in  training.  According  to  the  ClO/Computerworld 


survey,  only  25  percent  of  respondents  have  the  staffs  they 
need  for  SOA— 49  percent  said  they  are  planning  or  have 
training  programs  in  place  for  current  staff  to  bring  them 
up  to  speed. 


If  You  Can’t  Beat 
’Em,  Integrate  ’Em 

In  the  new  SOA  world,  enterprise  vendors 
suddenly  are  eager  to  make  sure  their 
application  suites  can  play  well  with  others. 

In  the  ’90s,  your  integration  strategy  was  simple:  Buy  as 
many  preintegrated  applications  from  a  single  vendor  as 
possible.  That  worked  for  you,  and  it  worked  extremely  well 
for  the  vendor;  integrated  application  suites  fetched  a  high 
price  and  required  long-term  maintenance  and  support 
contracts  that  promised  a  steady,  predictable  stream  of 
revenue  from  customers. 

Even  better,  CIOs’  fear  of  integration  pain  gave  vendors 
a  built-in  sales  advantage  whenever  a  company  wanted  to 
add  a  new  application  to  its  stack.  It  was  easier  for  the  CIO 

to  pick  a  preintegrated  applica¬ 
tion  from  the  dominant  vendor 
than  to  take  a  risk  on  a  best-of- 
breed  newcomer— even  if  its 
application  had  better  functional¬ 
ity— because  expensive  integra¬ 
tion  disasters  had  become  the 
much-publicized  bane  of  the 
industry.  Better  to  have  disap¬ 
pointed  users,  CIOs  reasoned, 
than  headlines  in  The  Wall  Street 
Journal. 

But  the  rise  of  service-oriented 
architecture  has  produced  a  shift 
in  integration  strategy.  SOA 
makes  the  radical  assertion  that 
the  enterprise  application  infra¬ 
structure  is  irrelevant.  Technol¬ 
ogy  is  constructed  according  to 
services  specified  by  the  business, 
not  by  processes  contained  within 
an  enterprise  application  vendor’s  software  box.  In  this 
scenario,  packaged  software  is  a  piece  of  the  service,  just 
another  component  in  a  larger  business  process— such  as 
an  insurance  claims  process  that  links  a  jumble  of  functions 
and  data  inside  ERP,  CRM  and  old  mainframe  legacy  sys- 


“Two  developers  can  now 
do  the  work  of  six.  That 
means  the  architects 
and  project  managers 
are  runningto  keep  up 
with  the  output  of  the 
engineers.  We  are 
probably  doing  50% 
more  work  than  we 
did  three  years  ago.” 

-CIO  KEVIN  HALL,  PROFLOWERS.COM 


58 


JUNE  15,  2006  |  www.cio.com 


business  users  think  answers 
should  be  ONE  CLICK  away, 
so  do  we. 


low  you  can  eliminate  user  frustration  and  get  the  most  from 
our  BI  investment. 


Cognos  8  Business  Intelligence  is  a  single  product  that  lets  users  move  seamlessly 
between  all  BI  capabilities  —  reporting,  analysis,  dashboarding  and  scorecarding. 


t  has  one  common,  browser-based  interface  that  makes  it  easy  to  learn  and  use. 
And  a  self-service  platform  that  lets  users  get  the  information  they  need. 
Without  navigating  complex  data  systems.  Or  relying  on  IT. 
n  short,  it’s  BI  that  works  the  way  users  think. 

Visit  www.cognos.com/oneclick  today. 


Copyright  ©  2006  Cognos  Incorporated.  All  rights  reserved. 


THE  NEXT  LEVEL  OF  PERFORMANCE™ 


Cover  Story 


Service-Oriented  Architecture 


terns.  The  application’s  vendor  doesn’t  matter  anymore;  the 
linkages  between  the  applications  is  the  important  thing. 

As  a  result,  the  vendors’  integration  strategies  have 
become  more  important  than  the  features  of  their  software. 
(Both  dominant  enterprise  software  vendors,  Oracle  and 
SAP,  have  begun  offering  integration  middleware  to  go 
along  with  their  software  suites,  although  both  are  sticking 
with  the  big,  integrated  soft¬ 
ware  suite  vision.) 

In  the  brave  new  world  of 
SOA,  the  big  software  vendors 
have  decided  to  take  a  page 
from  Microsoft’s  playbook 
and  duplicate  the  Windows 
strategy.  With  the  Windows 
operating  system  running  on 
95  percent  of  PCs,  software 
developers  are  eager  to  create 
software  that  works  with 
Windows  because  it  means 
they  can  reach  the  most  cus¬ 
tomers  and  make  the  most 
money.  As  a  result,  the  thou¬ 
sands  of  applications  avail¬ 
able  for  Windows  today 
ensure  its  dominance  in  the 
operating  system  market  tomorrow.  Similarly,  the  big 
enterprise  software  vendors  are  trying  to  ensure  their 
futures  in  an  SOA  world  by  assembling  ecosystems 
around  their  core  applications. 

For  example,  the  most  startling  change  in  strategy  comes 
from  SAP,  long  the  dominant  player  in  ERP.  For  years,  SAP 
resisted  alliances  with  other  software  vendors  and  insisted 
on  building  its  own  applications.  But  post-SOA,  SAP  is 
busy  service-enabling  its  applications  and  using  its  new 
middleware  software,  Net  Weaver,  to  entice  companies  to 
build  software  to  run  on  the  Net  Weaver  platform  (which 
incorporates  Web  services  standards).  Online  CRM  soft¬ 
ware  provider  Salesforce.com  has  created  AppExchange, 
where  developers  can  download  free  software  to  integrate 
their  software  add-ons  with  Salesforce’s  core  software. 
Oracle,  meanwhile,  has  been  busy  building  its  platform 
through  acquisitions,  including  middleware  software  that 
is  the  linchpin  for  its  SOA  pitch. 

With  CIOs  reluctant  to  upgrade  to  new  versions  of  enter¬ 
prise  software,  the  big  vendors  are  saying,  “Look,  we  can’t 
sell  with  our  old  value  proposition  anymore,”  says  Gart¬ 
ner’s  Sholler.  “So  they’re  trying  to  make  [their  software]  the 
foundation  for  other  solutions  in  markets  they  haven’t  been 
able  to  reach.” 

But  this  strategy  has  put  the  enterprise  application  com¬ 
panies  on  a  collision  course  with  traditional  middleware 


providers  such  as  BEA,  IBM  and  WebMethods,  which  are 
coming  to  the  SOA  party  from  the  bottom  up,  through  the 
integration  infrastructure  layer.  “Everybody  is  winding  up 
tangled  up  in  the  same  space,”  says  Sholler. 

Although  the  integration  infrastructure  companies  have 
much  more  experience  with  the  foundational  elements  of 
SOA,  all  vendors  are  looking  to  build  long-term  relation¬ 
ships  with  customers.  Conse¬ 
quently,  despite  the  abundance 
of  Web  services  standards 
embedded  in  their  products  to 
ease  integration  headaches, 
everybody  has  a  proprietary 
hook  somewhere.  Oracle’s 
Fusion  applications  will  work 
only  with  Oracle’s  database. 
SAP’s  new  applications  require 
Net  Weaver  middleware, 
according  to  Gartner  and 
Forrester  Research.  Even  the 
integration  infrastructure 
companies  have  enough  pro¬ 
prietary  elements  to  make  it 
difficult  to  swap  out  their 
integration  software. 

The  bottom  line  for  CIOs? 
Beware  vendors  pledging  to  build  your  SOA  for  you. 

Unless,  like  Whirlpool’s  Sezer,  you’re  not  worried  about 
dependence  on  your  vendor,  which  in  Sezer’s  case  happens 
to  be  SAP.  “What’s  wrong  with  being  dependent  on  a  ven¬ 
dor  as  long  as  I’m  providing  value  to  my  company  with  the 
solution?”  he  asks. 

But  CIOs  on  the  whole  fear  dependency,  especially  in  the 
current  wave  of  consolidation,  according  to  a  2005  Accen¬ 
ture  survey  of  CIOs.  While  65  percent  of  CIOs  said  vendor 
consolidation  makes  for  a  more  integrated  software  infra¬ 
structure,  and  61  percent  believe  it  will  reduce  their  vendor 
management  burden,  87  percent  said  vendor  consolidation 
will  lead  to  lock-in,  61  percent  believe  it  will  decrease  price 
competition,  and  57  percent  believe  it  will  reduce  pressures 
for  vendors  to  innovate.  Only  35  percent  saw  vendor  consol¬ 
idation  as  a  good  thing. 

For  SOA  believers  like  Transamerica’s  Gleason,  annuity 
products  and  services  division,  an  independent  SOA  con¬ 
trolled  by  the  CIO  is  one  of  the  best  protections  against  lock- 
in.  “No  one  vendor  can  be  all  things  to  everyone,”  he  says. 
“There’s  always  going  to  be  somebody  out  there  who  will  be 
able  to  do  a  piece  of  your  process  better  than  anybody  else 
can.  And  the  first  company  to  adopt  that  is  going  to  have 
competitive  advantage.”  QE1 


Executive  Editor  Christopher  Koch  can  be  reached  a  ckoch@cio.com. 


“No  one  vender  can  be 
all  things  to  everyone. 

There’s  always  going  to 
be  somebody  out  there 
who  will  be  able  to  do 
a  piece  of  your  process 
better  than  anyone 
else  can.” 

-DIRECTOR  OF  I.T.  STRATEGIES  JEFF  GLEASON, 
TRANSAMERICA  LIFE  INSURANCE 


6  0 


JUNE  15,  2006  I  www.cio.com 


•■iv  V 


recommends  Windows®  XP  Professional 


'  i  mam  t  . 


Centrino"*^ 

Duo 


[ :  :fv. 


NEW  DELL™  LATITUDE™  D620  NOTEBOOKS 
FOR  BUSINESS  FEATURE  THE  FREEDOM  OF 
INTEL®  CENTRINO®  DUO  MOBILE  TECHNOLOGY. 


PURE 


www.dell.com/durable/ciomag 


1.877.440.  DELL 


The  magnesium  alloy  casing  and  built-in  shockabsorbers 
keep  the  new  Dell  Latitude  D620  RoadReady™  So  you 
can  worry  less  that  it  will  stop  when  it  drops.  And  keep 
your  data  protected  from  the  unexpected.  That's  the 
direct  path  to  success.  That's  pure  Dell. 


PURE  DURABILITY 


Wireless  Security 


THE 

SECURITY  PLAN 
FOR  YOUR 


LAN 

Take  advantage  of 
the  latest  security 
tools  and  keep  your 
users  informed  if  you 
want  to  achieve 
wire-free  bliss 


BY 

THOMAS 
WA  I  LG  U  M 


Oliver  Tsai  sees  it  every  quarter. 

Fresh-faced  medical  students,  new  to  Sunnybrook  and  Women’s 
College  Health  Sciences  Centre  and  armed  with  the  latest  Wi-Fi- 
enabled  laptops,  see  no  reason  why  they  shouldn’t  be  able  to  hop 
right  onto  Sunnybrook’s  wireless  network  with  those  shiny  new 
laptops  they  just  bought. 

The  same  scenario  plays  out  with  doctors  and  office  managers 
and  anyone  else  whose  new  gadget  automatically  sniffs  the  air¬ 
waves  and  picks  up  signals  from  Tsai’s  wireless  LAN,  or  WLAN. 
“They  can  see  what’s  available,  but  because  of  the  security,  they 
can’t  access  the  network  until  the  device  is  properly  configured,” 
says  Tsai,  the  director  of  IT  at  the  academic  health  sciences  center 
in  Toronto.  It’s  a  look-but-don’t-touch 
situation  that  can  frustrate  users— but, 

Tsai  says,  it’s  a  necessary,  if  tempo¬ 
rary,  frustration. 

Whether  they’re  medical  students, 

CEOs  or  cube  dwellers,  today’s  mobile 
phone  and  BlackBerry-equipped  work¬ 
ers  are  clamoring  for  even  greater 
wireless  access  while  on  the  job.  It’s 
nearly  certain  that  their  company- 
issued  laptop  has  a  Wi-Fi  chip  built-in, 


Reader  ROI 

::  How  new  wireless 
security  technologies 
can  eliminate  old 
fears  about  Wi-Fi 

::  Policies  you  need 
for  wireless  imple¬ 
mentation 

::  How  other  CIOs  deal 
with  wireless  security 
issues 


6  2 


JUNE  15,  2006  |  www.cio.com 


PHOTO  BY  PATRICK  NICHOLS 


1 


Wireless  Security 


and  they  see  no  reason  to  be  shackled  to 
their  desks  anymore. 

Yet  IT  executives  are  still  distrustful  of 
wireless  LANs  because  of  perceived  security 
nightmares  such  as  wireless  denial-of-serv- 
ice  attacks  and  network  breaches.  “They  are 
scared,”  says  Nick  Selby,  an  enterprise  secu¬ 
rity  analyst  at  The  451  Group.  A  December 
2005  Forrester  Research  report  echoes 
Selby’s  take:  Security  is  the  number-one 
obstacle  when  acquiring  wireless  technolo¬ 
gies,  regardless  of  industry. 

But  some  of  those  fears  may  be  based  on 
old  news.  “Most  of  the  security  problems 
that  have  scared  away  early  adopters  have 
been  solved,”  says  Selby.  New  authentica¬ 
tion  and  encryption  schemes  (such  as  802.1x 
for  user  access  and  802.11i  advanced  encryp¬ 
tion  standard,  or  AES)  are  more  vigorous. 
And  vendors  now  offer  intrusion-detection 
products  and  architectural  schemes  that 
make  enterprise  wireless  networks  just  as 
safe  as  wired  ones. 

“Most  of  the  things  you’ll  need  to  do  [for 
security]  will  come  from  the  vendor.  It’s 
just  a  question  of  turning  it  on,”  adds  Selby. 
Last  year,  Gartner  went  so  far  as  to  say  that 
Wi-Fi  was  one  of  the  most  overhyped  IT 
security  threats. 

So  for  2006  and  beyond,  here  are  the 
five  security  areas  that  will  help  you  and 
your  users  get  the  most  from  a  wireless 
LAN— without  all  the  nightmares. 

Start  Planning 

First  questions  first:  Why  do  you  need  a 
WLAN?  Who’s  going  to  use  it  and  for 
what  purpose?  And  what  are  the  neces¬ 
sary  internal  and  external  safeguards?  By 
answering  those  questions  early,  CIOs  can 
also  determine  just  how  much  security 
their  WLAN  will  need. 

IS  Director  Bill  Tomcsanyi’s  initial  plan 
last  year  was  to  implement  a  wireless  net¬ 
work  beginning  in  the  emergency  depart¬ 
ment  at  Torrance  Memorial  Medical  Center. 
The  more  he  looked  at  then-current  secu¬ 
rity  safeguards,  the  efficiencies  his  clini¬ 
cians  and  administrators  could  realize,  and 
the  relatively  low  cost  to  install  the  net¬ 
work,  the  more  he  thought  of  enveloping 
the  entire  hospital  and  other  buildings  on 
campus,  which  is  what  he  did.  “[Wireless] 
is  absolutely  an  integral  part  of  our  five- 


802.11  is  a  group  of  wireless  networking  standards,  also  known  as 
Wi-Fi,  set  by  the  Institute  of  Electrical  and  Electronics  Engineers  (IEEE). 
A  guide  to  the  major  flavors: 


802.11a 
802.11b 
802. lid 

802. lie 

802.11g 

802.11H 

802. lli 

802. llj 

802.11n 

802. llx 


Standard  for  a  wireless  network  that  operates  at  5GHz  with  rates  up  to 
54Mbps. 

Standard  for  a  wireless  network  that  operates  at  2.4GHz  with 
rates  up  to  11Mbps. 

Specification  that  allows  for  configuration  changes  at  the  media  access 
control,  or  MAC,  layer  to  comply  with  the  rules  of  the  country  in  which  the 
network  is  to  be  used. 

Standard  that  adds  quality-of-service  features  and  multimedia  support  to 
the  existing  802.11b,  802. llg  and  802.11a  wireless  networks. 

Standard  for  a  wireless  network  that  operates  at  2.4GHz  Wi-Fi  with  rates 
up  to  54Mbps. 

Standard  that  supports  Dynamic  Frequency  Selection  (DFS)  and  Transmit 
Power  Control  (TPC)  requirements  to  ensure  coexistence  between  Wi-Fi 
and  other  types  of  radio  frequency  devices  in  the  5GHz  band. 

Standard  specifying  security  mechanisms  for  802.11  networks.  802.11i 
makes  use  of  the  advanced  encryption  standard,  or  AES,  block  cipher. 

The  standard  also  includes  improvements  in  key  management,  user 
authentication  through  802.1x  and  data  integrity  of  headers. 

Specification  for  wireless  networks  that  incorporates  Japanese  regulatory 
requirements  concerning  wireless  transmitter  output  power,  operational 
modes,  channel  arrangements  and  spurious  emission  levels. 

A  task  group  of  the  IEEE  802.11  committee  whose  goal  is  to  define  a 
standard  for  high-throughput  speeds  of  at  least  100Mbps  on  wireless 
networks.  (The  standard  is  expected  to  be  ratified  by  2007.) 

A  standard  for  port-based  authentication,  first  used  in  wired  networks, 
that  was  adapted  for  use  in  enterprise  WLANs  to  address  security  flaws 
in  WEP,  the  original  security  specification  for  802.11  networks. 

SOURCE:  Wi-Fi  Alliance 


year  information  technology  plan,”  says 
Tomcsanyi.  “In  the  end  we’re  providing 
faster  patient  care  and  eliminating  all  of 
the  things  that  could  lead  to  errors.” 

Once  CIOs  have  an  idea  of  what  they 
want,  the  next  challenge  is  to  quantify  the 
capital  outlay  and  the  expected  benefits— 


but  don’t  expect  to  produce  hard  numbers. 
“We  haven’t  been  able  to  quantify  why 
these  networks  are  worth  making  the 
investment,”  says  Joel  Conover,  a  research 
director  with  research  Firm  Current  Analy¬ 
sis.  Instead,  the  benefits  are  mostly  soft, 
such  as  increased  productivity  and  effi- 


64 


JUNE  15,  2006  |  www.cio.com 


PHOTO  BY  ISTOCKPHOTO.COM 


Why  maintain 
separate  SAN 
and  NAS  systems 
when  you  can 

consolidate  both. 


One  system,  multiple  choices.  The  Pillar  Axiom™  enterprise 
storage  system  enables  SAN,  NAS,  or  both  in  a  single  storage 
environment  —  all  managed  through  one  powerful  user  interface. 
The  Pillar  Axiom  lets  you  add  performance  and  capacity  up  to 
300  TB  per  system,  without  multiple  software  license  fees.  And 
because  it's  priced  lower  than  what  many  companies  pay  just  to 
maintain  their  storage  systems,  Pillar  is  the  alternative  you've 
been  looking  for. 

To  learn  how  Pillar  is  giving  customers  a  better  choice  for 
networked  storage,  schedule  a  no-obligation  half-hour  briefing. 
Call  1-877-252-3706  orvisitwww.pillardata.com/both 


Learn  the  truth  about  networked  storage. 


©  2006  Pillar  Data  Systems  Inc.  All  rights  reserved.  Pillar  Data  Systems,  Pillar  Axiom, 
and  the  Pillar  logo  are  all  trademarks  of  Pillar  Data  Systems. 


DATA  SYSTEMS 


It's  OK  to  show  off  to  your  friends 
that  you  were  in  CIO. 


But  it’s  even  better  to 
show  your  customers. 


What  better  way  to  inform  your  key  customers 
of  your  editorial  coverage  in  CIO  than  through 
customized  Editorial  Reprints? 


%  % 


Leverage  the  positive  impact  of  your  editorial 
coverage  by  using  reprints  for  direct  mail 
campaigns,  seminar  promotions,  employee 
communications,  recruiting  and  marketing 
programs.  Let  us  enhance  your  reprints  with  your  company’s 
logo,  address,  and  sales  message.  Reprints  make  great  SALES  tools 
for  trade  shows,  mailings  or  media  kits. 


And  while  a  framed  copy  of  your 
article  will  look  neat  on  your  wall,  it 
will  look  even  better  in  the  hands  of 
your  customers. 


Business  Technology  Leadership 


PjggiRS 


I  international  coup  | 

[MANAGED  REPRINT  PROGRAMS  I 


For  more  information  on  customized  editorial  reprints  in  volume  quantities, 
contact  Jennifer  Eclipse  at  212.221.9595  x237  or  email  jeclipse@parsintl.com. 
Website:  www.magreprints.com/quickquote.asp 


Wireless  Security 


nnM’T  SIT  BACK  AND  WAIT  TO 
UIJIN  I  BE  ATTACKED;  NEW 
TECHNOLOGIES  CAN  DETECt,  LOCATE 
AND  SHUT  DOWN  ATTACKS  BEFORE 
THEY  DO  DAMAGE. 


ciency  because  users  can  go  anywhere 
(conference  rooms,  outdoor  patios,  the 
cafeteria)  and  tap  into  the  network  if  there’s 
a  wireless  access  point  (AP)  in  range.  And 
even  without  hard  ROI,  some  CIOs  find 
adequate  value.  “[Our  users]  can  stay  con¬ 
nected  to  Lotus  Notes  and  the  CRM  and 
ERP  packages,  and  can  cleanly  and  easily 
move  and  stay  connected  consistently,” 
says  Steve  McDonald,  VP  of  IT  of  Optimus 
Solutions,  a  $92  million  integrator  and 
reseller  of  software  and  hardware.  McDon¬ 
ald  has  covered  some  25,000  square  feet  of 
space  with  nine  APs  using  802.11b/g  net¬ 
working  capabilities. 

But  Ellen  Daley,  principal  analyst  with 
Forrester  Research,  sums  up  the  consensus 
of  today’s  WLAN  deployments:  “For  pri¬ 
mary  data  access  to  every  network  in  the 
enterprise,  [Wi-Fi]  is  really  an  additive— 
not  a  replacement  [for  the  wired  network]. 
And  it’s  an  additive  cost.”  Payback  figures 
from  WLAN  vendors  are  a  bit  rosier.  On  a 
typical  installation  using  802.11a,  b  or  g,  for 
example,  Nortel  claims  that  organizations 
can  realize  a  2  percent  to  3  percent  produc¬ 
tivity  improvement  for  users  and  a  payback 
on  the  WLAN  investment  in  a  year’s  time. 

Write  the  Book 

The  industrious  cube  dweller  or  visiting 
contractor  who  plugs  his  wireless  router 
into  an  Ethernet  port  probably  doesn’t  have 
evil  intentions.  But  it’s  up  to  you  to  make  it 
clear  to  every  user  how  bad  such  behavior 
can  be:  This  rogue  access  point  now  sits 
behind  the  outward-facing  protection  of 
the  firewall  and  can’t  be  detected  by  most 


intrusion-detection  systems,  and  somebody 
sniffing  the  air  with  a  simple,  inexpensive 
handheld  device  or  wireless-enabled  note¬ 
book  could  lock  on  to  the  signal  and  have 
full  access  to  the  corporate  network.  “You 
have  to  define  the  policy  for  your  wireless 
LAN:  when  people  can  use  it,  the  restric¬ 
tions  on  use,  or  guest-access  use  for  con¬ 
sultants  and  partners,”  says  Daley. 

CIOs  cannot  overestimate  the  amount  of 
user  education  needed  for  a  wireless  LAN 
policy.  Users  don’t  need  to  know  how  to  tell 
a  MAC  address  from  an  SSID,  but  they  do 
need  to  know  right  from  wrong.  For  exam¬ 
ple,  they  need  to  know  about  being  tricked 
into  accessing  a  wrong  (and  potentially 
malicious)  access  point  that  doesn’t  belong 
to  their  organization.  “It  really  requires  that 
awareness  of  a  new  set  of  risks  that  this  free¬ 
dom  permits,”  Selby  says. 

Next,  CIOs  all  agree  that  any  new  wire¬ 
less  policy  must  dovetail  with  the  existing 
wired  policy.  “You  have  to  follow  the  same 
rules  of  the  road  for  wireless  that  we  follow 
in  the  wired  environment,”  says  Bryon 
Fessler,  CIO  and  VP  of  IS  for  the  University 
of  Portland  in  Oregon.  Since  last  year, 
Fessler  has  rolled  out  50  access  points  in 
three  buildings  on  campus,  with  plans 
for  at  least  25  more  in  the  future.  He  takes 
every  opportunity  (face-to-face  discus¬ 
sions,  e-mails  and  other  get-togethers)  to 
ensure  that  the  4,500  students,  faculty 
and  university  members  understand  the 
reasons  behind  his  wireless  LAN  poli¬ 
cies— why,  for  example,  student  laptops 
have  to  be  quarantined,  inspected  for 
viruses  and  credentialed  before  they  can 
connect  to  the  WLAN. 


Wireless:  Are  You  Scared? 


For  information  about  the  PRODUCTS 
AND  TECHNOLOGIES  IN  THE  WIRELESS 
SECURITY  SPACE,  visit  www.cio.com/ 


061506. 


cio.com 


Always  Authenticate 

Where  wireless  education  ends,  authen¬ 
tication  and  encryption  technologies  step 
in  as  the  enforcers  of  policy— they’re  the 
teeth  when  all  the  talking  stops. 


T 


COMPLEXITY 


NOW! 


thelTevolution.com 


Access  a  new  IDG  Web  site 
providing  I.T.  executives 
with  exclusive  IDG  and  IDC 
Insights  into  optimization 
and  strategies  to  tame 
growing  I.T.  complexities 


r  ">> 


FLEXIBILT 
INTEGRATE 
SECURIT 
OPEN  STANDARDS 
OPTIMIZATION 

IDC  Featured  Contei 

>  Executive  Briefs 

>  Executive  Insii 

>  Analyst  Blogs 

>  Analyst  Videos 


Analyze 


www.cio.com  |  JUNE  15,  2006  67 


Wireless  Security 


Authentication  is  one  of  CIOs’  first  lines 
of  defense.  Boiled  down,  it  is  the  ability  to 
ensure  that  the  client  (laptop  or  other 
device)  asking  to  latch  on  to  the  network 
signal  is  both  what  it  claims  to  be  and  has 
been  given  permission  to  use  the  WLAN. 

Right  now,  the  802. lx  standard  for  port- 
based  authentication,  which  originated  in 
the  wired  networking  world  and  has  been 
retrofitted  for  WLANs  because  of  the  defi¬ 
ciencies  of  the  wired  equivalency  protocol 


“You  have  to  follow  the  same 
rules  of  the  road  for  wireless 
that  we  follow  in  the  wired 
environment,”  says  Bryon 
Fessler,  CIO  and  VP  of  IS, 
University  of  Portland. 


(WEP),  is  one  of  the  top  tools  for  creden- 
tialing  users.  The  protocol  behind  802.1x  is 
called  EAP,  for  extensible  authentication 
protocol,  and  it  uses  encrypted  tunnels  to 
exchange  information  (user  names  and 
passwords)  between  device  and  network. 
According  to  WLAN  vendor  Aruba, 
although  an  intruder  can  monitor  the 
exchange  over  the  air,  data  inside  the 
encrypted  tunnel  cannot  be  intercepted. 
Because  EAP  is  used  on  wired  networks, 


i®. 


S&K 


it’s  attractive  to  CIOs  pushing  a  unified  net¬ 
work  strategy.  Its  mutual  authentication 
ability  gives  users  the  added  protection  that 
the  network  they’re  seeing  is  actually 
legit— and  not  a  hacker’s  fake  access  point 
(referred  to  as  an  “evil  twin”).  Client-based 
software  from  vendors  such  as  AirDefense 
and  AirMagnet  can  help  as  well. 

Tsai  of  Sunnybrook  and  Women’s  uses 
protected  EAP  for  his  authentication  to 
access  the  corporate  wireless  data  net¬ 
work.  Since  he’s  a  Microsoft 
shop  on  the  systems  side, 
Tsai  is  able  to  take  advantage 
of  the  controls  in  Windows 
XP,  which  supports  EAP. 

Another  authentication 
scheme  that  bridges  the  wired 
and  wireless  worlds  is  called 
NAC,  or  network  admission 
control.  This  Cisco-led  initia¬ 
tive  is  a  network-based  policy 
that  ensures  that  devices  look¬ 
ing  to  hop  onto  a  WLAN  are 
both  trusted  and  free  of 
worms,  viruses  and  spyware. 
At  the  University  of  Portland, 
Fessler  uses  NAC  to  quaran¬ 
tine  new  devices,  run  diag¬ 
nostics  and  then  allow  users 
onto  both  the  wired  and  wire¬ 
less  LAN;  his  system  also  uses 
an  Active  Directory  database 
to  verify  users  in  the  system 
and  grant  them  access  to  an 
ERP  system  or  student  data¬ 
base,  for  example.  “It  applies 
the  trust-and-verify”  line  of 
thinking,  he  says,  that  works 
very  well  in  an  open  univer¬ 
sity  environment,  where  stu¬ 
dents  have  a  notion  of  many 
technological  freedoms. 


Encrypt  Well 

Authentication  and  encryp¬ 
tion  go  hand-in-hand,  and  in 
March,  both  received  a  much- 
needed  boost  when  the  Wi-Fi 
Alliance  announced  that 
WPA2— the  strongest  encryp¬ 
tion  specification  for  802.11— 
was  now  mandatory  on  all 
Wi-Fi  products.  WPA2 


PHOTO  BY  TIM  JONES 


Small  Workgroup  Office  + 


...... 


.... 

.  V-.  '  r.:V> 

•  '  ■■  f; 

•  •  -  **  *  '-vV- 

'■  ■■  .  * 

• 

..  i'.i  • 

'  •  '  .  '  •  . 

-  .  -  .  "  V  ■  ■■  • 

•  V  :  .  •  -ft  i 


papilSI  jr\  \  . 

\ 

i>  ^„ir- 


*  Branch  Office 


+  Corporate  Office 

Wf^mr  \  V/ 

*  Home  Office 

“  %\:  vy\  / 


Road -Warn  or  Office 


Take  cost  out  of  your  business  and  increase  productivity. 

*  t  <  i  *»«,•■  smmmm  aemmmmuwmmmmmmmmmmammmmmmmmmmmmmmmmmmmm 

No  matter  where  you  do  business. 


The  Brother  Advantage 


>■  Comprehensive  selection 
Increased  productivity 
>*  Lower  acquisition  costs 


Brother  Printer,  Fax  and  Multi-Function  Center®  models  - 
designed  to  increase  productivity  while  decreasing  overhead. 


Reduced  consumable  costs 
24/7/365  support  and  service 
Free  evaluation  program 


Mobile  Printing  Solutions  Labeling  Solutions 


Desktop  Laser  Solutions 


Color  Laser  Solutions 


Fax  Solutions 


Network  Printer  Solutions 


Considering  that  over  94%  of  Fortune  1000  company  employees  work 
outside  corporate  headquarters*,  equipping  them  with  a  cost-effective 
solution  is,  to  say  the  least,  a  major  challenge. 

That's  why  Brother's  Commercial  Division  is  committed  to  providing 
superior  and  reliable  imaging  solutions  that  increase  productivity  while 
reducing  costs.  This  enables  businesses  like  yours  to  effectively  address 
critical  organizational  goals  and  challenges. 

But  it  is  our  product  reliability,  coupled  with  a  responsive  nationwide 
support  and  service  network,  that  has  companies  like  yours  putting  Brother 
at  the  top  of  their  requisition  lists. 

Brother's  Commercial  Division  welcomes  the  opportunity  to  put  our 
resources  to  work  for  you.  Contact  us  today  so  we  can  show  you  how  we 
can  positively  impact  your  bottom  line  while  enhancing  your  performance. 

For  more  information,  call  1-866-455-7713. 

*Purchase  Influence  in  Larger  American  Businesses  ( Erdos  &  Morgan,  2001). 


©  2006  Brother  International  Corporation,  Bridgewater,  NJ  •  Brother  Industries  Ltd.,  Nagoya,  Japan 

For  more  information  visit  our  Web  site  at  www.brother.com 


Wireless  Security 


stands  for  Wi-Fi  Protected  Access  2  and  is 
the  long-awaited  successor  to  WPA  (which 
itself  supplanted  the  earlier  WEP  stan¬ 
dard).  “WPA  has  some  questions,  but 
WPA2  is  pretty  darn  good,”  says  The  451 
Group’s  Selby. 

Whereas  authentication  is  about  ensur¬ 
ing  mutual  trust  between  device  and  net¬ 
work,  encryption  is  about  making  sure  the 
connection  and  data  transfer  is  safe,  “so 
that  someone  with  malice  couldn’t  start 


to  police  their  own  networks,”  Tsai  says. 

And  for  those  CIOs  who  still  say  no  to 
WLANs,  they’d  better  make  certain  that’s 
really  the  case  by  monitoring  their  air¬ 
waves.  “It’s  strange:  Let’s  deploy  Wi-Fi  sen¬ 
sors  in  an  environment  where  you  have  not 
deployed  Wi-Fi,”  says  The  451  Group’s 
Selby.  “But  having  a  way  to  search  for  rogue 
networks  is  a  must.” 

Sunnybrook  and  Women’s  Tsai  has 
spread  out  300  APs  over  three  distinct 


recently  acquired  by  Cisco)  inside  his  Cisco 
infrastructure.  “At  a  centralized  level,  we 
can  see  the  rogues  and  shut  them  off.” 

Segregate  Traffic 

Though  it  may  seem  like  an  insane  idea  to 
some  security-minded  CIOs,  many  IT  execs 
are  opening  their  wireless  networks  to  the 
public:  guests  and  business  partners  who 
want  to  surf  the  Web  and  check  e-mail 
while  in  the  buildings.  Tomcsanyi  says  that 


r *  I  NEED  TO  REALIZE  THAT  SECURITY  MECHANISMS  HAVE 

Vs  I  US  FINALLY  CAUGHT  UP  WITH  WIRELESS  HYPE. 


looking  at  the  packets,”  says  Tomcsanyi. 
Laptops  and  access  points  with  WPA2 
inside  use  the  advanced  encryption  stan¬ 
dard  to  provide  the  top  level  of  security. 

If  CIOs  want  to  dive  deep  into  the  tech¬ 
nical  schematics  of  WLANs  and  access 
points,  they  certainly  can.  But  thanks  to  the 
maturing  vendor  technologies,  the  encryp¬ 
tion  plan  is  fairly  straightforward:  Just  turn 
WPA2  on.  “It  sounds  like  a  very  complex 
situation,  but  it’s  not,”  says  Optimus  Solu¬ 
tions’  McDonald. 

Of  course,  the  base  elements  of  authen¬ 
tication  and  encryption  require  industrial- 
strength  user  names  and  passwords— ones 
where  attackers  cannot  easily  guess  them 
(such  as  eight  or  more  characters  and  a  mix 
of  alphanumeric  and  other  characters). 
That  concept  should  “almost  go  without 
saying”  in  this  day  and  age,  but  according 
to  Daley,  “you’d  be  surprised  at  how  many 
companies  don’t  do  that.”  That  sentiment  is 
backed  up  by  security  vendor  Kaspersky 
Labs,  which  estimates  that  about  70  percent 
of  Wi-Fi  networks  do  not  use  any  type  of 
data  encryption. 

Sniff  Out  Bad  Guys 

A  significant  security  mindshift  during  the 
past  several  years  has  been  the  change  from 
a  defensive  WLAN  posture  to  one  that  is 
more  offensive.  CIOs  shouldn’t  sit  back  and 
wait  to  be  attacked;  new  technologies  can 
detect,  locate  and  shut  down  attacks  before 
they  do  damage.  “It’s  critical  that  enterprise 
environments  have  the  tools  that  allow  them 


campus  environments  in  the  Toronto 
area— two  urban  and  one  suburban  cam¬ 
pus.  He  uses  an  AP  detection-scanning 
technology  that’s  built  into  Symbol’s 
WLAN  products,  and  his  experience  veri¬ 
fies  the  notion  that  dense,  urban  areas  are 
much  more  dangerous  than  suburban 
locales.  “There’s  a  significant  number  of 
rogue  detections  in  the  hospitals  downtown 
surrounded  by  offices  and  apartments,” 
Tsai  says.  At  the  suburban  campus,  “we 
pick  up  very  few.” 

While  intrusion-detection  systems,  or 
IDSs,  aren’t  all  that  new,  it’s  the  new  pre¬ 
vention  part  of  the  IDS  equation  that  is  help¬ 
ing  to  cut  off  threats  before  they  can 
manifest.  At  Torrance  Memorial  Medical 
Center,  Tomcsanyi  has  a  detection  system  in 
place  and  is  rolling  out  a  new  prevention 
element  by  the  third  quarter  of  this  year. 
“This  takes  more  of  a  proactive  approach,” 
he  says.  Using  new  technology  from  ven¬ 
dors  such  as  Aruba,  the  access  points  act  as 
both  radio  frequency  connectors  and  wire¬ 
less  sensors  for  intrusion  prevention,  which 
can  save  on  costs  from  having  to  install  both 
the  APs  and  a  separate  IDS.  (Tomcsanyi, 
however,  says  he  plans  to  continue  using 
multiple  security  systems— such  as  a  new 
intrusion-prevention  system  from  Cisco  to 
be  installed  later  this  year— in  concert  with 
each  other.) 

“Anyone  who  doesn’t  monitor  their 
WLAN  is  looking  for  future  problems,” 
says  Fessler,  who  uses  a  detection  and  pre¬ 
vention  product  from  AirSpace  (which  was 


his  ability  to  give  patients  and  other  visitors 
wireless  access  is  a  valuable  asset  in  the 
health-care  field. 

Torrance  Memorial  Medical  Center  has 
211  APs  throughout  its  five-building  cam¬ 
pus  that  provide  100  percent  wireless  cov¬ 
erage,  Tomcsanyi  says.  He  is  able  to  offer 
public  Wi-Fi  because  he  has  the  ability  to 
segregate  traffic  within  the  network  archi¬ 
tecture.  There’s  an  open  network  just  for 
patients  and  guests,  and  a  secure  corporate 
network  that  provides  the  encrypted  con¬ 
nections  for  employees.  The  two  networks 
stay  separate,  he  says. 

According  to  Cisco,  a  wireless  guest  net¬ 
work  is  an  easy  way  to  allow  access  while 
eliminating  the  need  for  IT  personnel  to 
authorize  each  user.  Guest  networks  use 
an  open  security  method  segregated  on  a 
specific  SSID  (a  unique  name  for  each 
WLAN)  that  routes  traffic  to  a  network  that 
accesses  the  public  Internet  only.  Tom¬ 
csanyi  cites  increased  patient  satisfaction 
levels  because  of  the  WLAN  access. 

While  wireless  networking  has  come  far 
in  a  short  time,  CIOs  now  need  to  realize 
that  the  security  mechanisms  have  finally 
caught  up  with  much  of  wireless’s  blister¬ 
ing  hype.  “It  used  to  be  that  you’re  going  to 
have  to  sacrifice  some  security  policies  and 
procedures  because  you  want  to  have  that 
wireless  connectivity,”  Fessler  says.  “Now 
I’m  not  having  to  sacrifice  that.”  ram 


Senior  Writer  Thomas  Wailgum  can  be  reached 
at  twailgum@cio.com. 


7  0 


JUNE  15,  2006  |  www.cio.com 


Yes.  No  one  is  closer  than  us. 


The  world  is  full  of  choices  for  IT  Services  and  the  nearest  selection  for  meeting  your  company's  IT  needs  is  Mexico. 
Profit  from  all  the  benefits  your  company  will  enjoy  by  collaborating  with  Mexico. 

•  Development  Centers  capable  of  providing  IT  best  practices  such  as  CMMI  and  Six-Sigma 

•  A  growing  and  dynamic  IT  industry 

•  A  large  source  of  skilled  IT  professionals 

•  World-class  technological  infrastructure  for  remote  IT  Services 

•  Better  project  and  work  control 

•  IT  people  working  with  Mexico  spend  less  time  away  from  home  and  office 

•  Improved  overall  cost  of  engagement 

•  Outstanding  business  environment  for  your  investment 

Take  the  road  to  Mexico:  The  choice  in  IT  Services  is  closer  than  ever. 


Always  Near  Your  Business 


www.mexico-it.com 


Steve  Bandrowczak, 

CIO  of  Chinese  PC  company 
Lenovo,  is  building  the 
company’s  IT  operations 
from  the  ground  up. 


Career 


The  China  Gambit 


China,  starved  for  executive  talent,  is 
importing  CIOs  from  the  West.  And 
discovering  how  IT  works— and  doesn’t— 
in  this  emerging  factory  to  the  world  is 
supercharging  their  careers. 

BY  STEPHANIE  OVERBY 


Last  year,  Steve  Bandrowczak  jumped  at  the  chance 

to  take  on  a  new  challenge:  the  top  IT  job  at  PC  maker  Lenovo  Group,  a 
Chinese  company. 

Tve  rolled  out  systems  in 200-plus  countries,”  says  Bandrowczak,  a 
25-year  IT  veteran,  describing  his  experiences  as  a  globe-trotting  CIO, 
including  setting  up  Chinese  distribution  centers  while  head  of  IT  for 


DHL  Worldwide.  “I’ve  overseen  43  mergers.  I’ve  built  and  shut  down 


data  centers  around  the  globe.”  But  now 
Bandrowczak  is  poised  to  tackle  a  job  that  few 
American  CIOs  would  have  even  considered 
until  recently:  managing  enterprise  IT  in  China. 

“It’s  an  exciting— but  formidable— challenge,” 
says  Bandrowczak.  “From  a  career  perspective, 
it’s  the  first  time  I’ve  had  the  opportunity  to  build 
the  center  of  a  company’s  IT  capabilities  in 


Reader  ROI 

::  What  China’s 
management 
shortage  means  for 
American  CIOs 

::  How  Chinese 
companies  regard  IT 

::  Howto  get  the 
support  you  need  to 
manage  IT  in  China 


PHOTO  BY  JEFF  WEINER 


www.cio.com  |  JUNE  15,  2006 


73 


Career 


‘Either  things  happen  very  rapidly  or  nothing 
gets  done  at  all.  There’s  not  a  lot  of  middle 

ground  -MATT  BRENNAN,  CIO,  ASIMCO 


China.  You  only  get  to  do  something 
this  special  once  in  your  career.” 

Bandrowczak’s  mission  is  to  build 
a  new  data  center  and  IT  develop¬ 
ment  center  in  Beijing  as  the  primary 
pieces  of  a  global  IT  infrastructure 
that  will  support  the  aspirations  of 
Lenovo,  which  made  its  first  major  move 
abroad  by  acquiring  IBM’s  PC  division  last 
May.  But  managing  major  IT  operations  in 
China  in  some  form  or  another  is  becoming 
less  of  a  foreign  concept  for  American  CIOs. 

One  reason  is  simple  supply  and 
demand.  Experts  say  there’s  a  shortage  of 
local  IT  executive  and  management  talent 
in  China,  not  nearly  enough  to  keep  up  with 
local  needs  in  an  economy  that’s  been  grow¬ 
ing  at  nearly  10  percent  annually  over  the 
past  two  decades.  Today,  China  has  between 
3,000  and  5,000  executives  with  experi¬ 
ence  managing  in  a  multinational  environ¬ 
ment,  according  to  the  McKinsey  Global 
Institute.  But  given  the  country’s  global 


aspirations,  it  will  need  75,000  leaders  who 
can  work  effectively  in  global  environments 
within  the  next  decade.  In  fact,  when 
Lenovo  paid  $1.75  billion  for  IBM’s  PC  unit, 
it  made  no  bones  about  the  fact  that  it  was 
paying  mostly  for  access  to  Western  man¬ 
agerial  know-how  and  best  practices. 

Today,  having  experience  in  China  is  a 
bonus— often  the  key  to  landing  coveted  CIO 
positions  like  Bandrowczak’s.  Tomorrow,  it 
may  become  a  necessity.  China  is  growing 
more  and  more  central  to  the  strategies  of 
multinational  corporations,  both  as  supplier 
and  customer.  For  example,  China  is  the 
United  States’  second- largest  supplier  (after 
Canada)  and  the  fourth-biggest  market  for 


American  goods,  according  to  the  U.S.  Cus¬ 
toms  Service.  “If  you  can  show  that  you’ve 
taken  an  organization  in  massive  growth 
mode  in  China  and  managed  IT  across  those 
different  cultures,  that’s  going  to  be  worth  a 
lot.  You’re  going  to  be  able  to  get  that  big  CIO 
job,”  explains  Steve  Mullinjer,  managing 
partner  at  executive  search  firm  Heidrick  & 
Struggles  in  Shanghai.  “China  is  such  an 
increasingly  integral  part  of  every  company’s 
operations.  In  the  future,  if  you  don’t  have 
firsthand  experience,  you’ll  be  in  trouble.” 

Don’t  see  yourself  living  in  Shanghai? 
You’ll  be  dealing  with  Chinese  IT  in  some 
form  or  another  in  the  future,  be  it  through 
outsourcing,  working  with  suppliers  or 


7  4 


JUNE  15,  2006  |  www.cio.com 


PHOTO  BY  THOMAS  BROENING 


IT’S  A  NOTEBOOK.  IT’S  A  TABLET. 


Fujitsu  recommends 

LifeBook ®  T4200  Tablet  PC  Microsoft®  Windows®  XP  Tablet  PC  Edition 

•  Configurable  to  only  4.3  lbs. 

•  A  versatile,  built-in  modular  bay 

•  Up  to  8.5  hours  maximum  battery  life 

•  Wide-viewing  angle  indoor  or  indoor/outdoor 
XGA  displays 

Why  limit  yourself  to  an  ordinary  tablet  or  notebook?  The  Fujitsu  LifeBookT4200  Tablet  PC  with  Intel®  Centrino®  Duo  Mobile 
Technology  instantly  changes  from  one  to  the  other  with  just  a  twist  and  flip  of  its  brilliant,  1 2. 1"  screen.  From  the  field  to 
the  back  office,  this  no-compromise  solution  is  the  only  mobile  computing  platform  you  need.  With  its  built-in  modular  bay, 
you  have  the  flexibility  to  burn  CDs  and  DVDs,  work  up  to  8.5  hours  between  charges,  or  trim  down  to  a  nimble  4.3  lbs. 
Fujitsu  is  the  only  convertible  to  feature  a  unique  bi-directional  hinge  and  the  patented  Bay-Lock™  feature-  both  designed  to 
allow  you  to  work  the  way  you  want  to.  To  find  out  why  the  LifeBook  T4200  Tablet  PC  is  the  one  computer  mobile 
professionals  can  count  on,  visit  www.shopfujitsu.com/LifeBookT4000 
or  call  I.800.FUJITSU 


Centrino'^ 

Duo 

THE  POSSIBILITIES  ARE  INFINITE 


FUJITSU 


It's  a  notebook 


that  converts 


into  a  tablet 


©2006  Fujitsu  Computer  Systems  Corporation.  Ali  rights  reserved.  Fujitsu,  the  Fujitsu  logo  and  LifeBook  are  registered  trademarks  of  Fujitsu  Limited.  Baylock  is  a  trademark  of  Fujitsu  Computer  Systems  Co»poration.  Centrino,  Intel,  the  Centrino 
logo  and  the  Intel  logo  are  trademarks  or  registered  trademarks  of  Intel  Corporation  or  its  subsidiaries  in  the  United  States  and  other  countries.  Microsoft  and  Windows  are  registered  trademarks  of  Microsoft  Corporation. 


Career 


serving  customers.  Even  if  you  don’t  spend 
a  week  every  month  in  a  Beijing  hotel  as 
does  Bandrowczak,  some  direct  knowledge 
of  China  increasingly  will  be  critical  to  your 
career  prospects. 

But  for  all  the  talk  about  the  promise  of 
China  and  its  growing  importance  to  West¬ 
ern  corporations,  the  IT  environment  there 
remains  a  challenging  one.  CIOs  heading  to 
China  for  the  first  time,  either  out  of  oppor¬ 
tunity  or  necessity,  should  understand  the 
obstacles  before  they  go. 

“Managing  IT  in  China  isn’t  seamless  at 
all,”  says  Matt  Brennan,  interim  CIO  for 
Asimco,  a  $400  million  auto  parts  distrib¬ 
utor  based  in  Beijing.  “You  have  to  be  pre¬ 
pared  for  some  real  challenges.  But  it  can  be 
very  satisfying  if  you  persevere.” 

WHERE  I.T.  IS  STILL  A  SERVICE 

One  of  the  things  CIOs  learn  about  China 
early  on  is  that  while  youth,  excellent  edu¬ 
cation  and  enthusiasm  abound,  experience 
does  not.  For  Charlie  Peters,  who  has  over¬ 
seen  IT  and  e-business  efforts  in  China  for 
15  years  as  senior  executive  vice  president 
for  Emerson,  a  $17.5  billion  electronics 
manufacturer,  that’s  part  of  the  thrill.  “The 
drive  of  the  people  is  unparalleled  in  the 
business  world,  yet  their  knowledge  of  even 
basic  business  approaches  is  nonexistent,” 
Peters  says.  “So  it’s  fulfilling  to  teach  and 
experience  the  progress  they  make.” 

To  help  meld  local  enthusiasm  with 
global  experience,  Bandrowczak  has  cre¬ 
ated  an  IT  management  team  made  up  of 
half  U.S.  professionals  and  half  Chinese, 
which  mirrors  the  makeup  of  Lenovo’s 
executive  team.  The  Western  managers 
bring  understanding  of  global  and  enter¬ 
prise  IT  management  principles;  the  Chi¬ 
nese  managers  bring  knowledge  of  local 
management  mores.  The  only  problem 
Bandrowczak  foresees  is  that  those  skills 
he’s  imparting  are  increasing  in  value  in 
the  local  market.  “You  don’t  find  many 
companies  building  data  centers  and  hous¬ 
ing  all  technology  and  enterprise  services 
out  of  China  right  now  like  we’re  trying  to 
do,”  he  says.  “But  in  the  future,  within  the 
next  year,  we’ll  have  a  retention  problem.” 

Outside  of  the  technology  industry,  it’s 
already  difficult  to  find  IT  help,  partly 
because  Chinese  companies  don’t  often 

76  JUNE  15,  2006  |  www.cio.com 


Managing  IT  in  China:  DOs  and  DON’Ts 

DO  seek  out  a  local  lieutenant.  Someone  familiar  with  the  local  landscape  and 
with  connections  will  prove  invaluable. 

DON’T  automate  everything.  Sometimes  a  technology  solution  is  not  appropri¬ 
ate,  and  manual  processes  may  prove  cheaper. 

DO  attempt  to  learn  the  language.  Or,  at  least  a  few  words.  That  shows  respect. 

DON’T  import  your  management  style  without  modification.  What  works  in  terms 
of  motivation  or  communication  in  the  United  States  may  not  go  over  as  well  in 
China.  Keep  an  open  mind  and  learn  what  works  and  abandon  what  doesn’t. 

DO  get  out  of  the  office.  Visit  the  Forbidden  City.  Eat  in  local  restaurants.  All  work 
and  no  play  makes  for  a  dull  CIO.  And  cultural  immersion  will  not  only  benefit  you 
personally  but  professionally  too. 

DON'T  meet  reluctance  with  force.  There's  nothing  worse  than  an  overbearing 
expat.  Approach  challenging  situations  with  patience  and  empathy.  Understand 
the  rationale  behind  resistance  before  deciding  how  to  overcome  it. 

DO  make  sure  you  have  your  family’s  support.  Eighty  percent  of  executives  going 
to  China  on  an  assignment  are  accompanied  by  their  families.  Even  if  you're  not 
living  in  China  full-time,  constant  travel  back  and  forth  will  affect  your  home  life. 

If  your  family’s  not  happy,  you're  not  happy. 

DON’T  assume  you’ll  have  local  software  and  IT  services  support.  The  local 
market  is  still  underdeveloped.  Have  a  plan  to  fill  in  the  gaps.  -S.0. 


place  a  high  strategic  value  on  IT.  “In  the 
U.S.  it  may  be  difficult  to  attract  top  talent 
to  an  internal  IT  department,  but  it’s  not 
impossible,”  says  Charles  Wan,  who  was 
born  in  Chongqing,  China,  but  spent  15 
years  going  to  school  and  working  in  IT  in 
the  United  States  and  became  an  Ameri¬ 
can  citizen  before  being  tapped  by  Midea,  a 
$5  billion  appliance  manufacturer  based 
in  Shenzhen,  as  its  first  strategic  CIO.  “In 
China,  to  work  for  the  internal  IT  depart¬ 
ment  is  considered  a  service  job.  The  core 
business  is  not  IT.  They’d  rather  work  for  a 
vendor.”  It’s  not  just  an  image  thing,  says 
Wan;  the  high-tech  companies  pay  twice 
as  much.  “I  was  constantly  telling  my  CFO, 
these  people  are  underpaid,”  says  Wan. 
“We  need  more  money  to  get  people  here 
and  get  them  motivated.” 


China’s  Perils  and  Opportunities 


To  read  more  of  CIO' s  coverage  of  IT  issues 
in  China,  see  "Making  It  in  China,”  www.cio 
.com/101505,  and  “It’s  Cheaper  in  China," 

www.cio.com/091505.  CIO  COITI 


Wan  succeeded  in  getting  a  bigger  hiring 
budget  from  HR  and  finance,  but  not  quite 
enough  to  compete  with  the  global  IT  ven¬ 
dors  like  SAP  and  Oracle.  So  he  changed 
his  tactic.  “I  decided  it  was  better  to  train 
new  grads  than  to  try  to  hire  them  away 
from  other  firms,”  says  Wan.  “The  strategy 
worked,  but  it  took  time.” 

Don’t  expect  outside  help  to  fill  the  gap, 
either.  China  suffers  from  a  dearth  of  local 
third-party  systems  implementation  part¬ 
ners  and  local  software  companies.  “If  you’re 
doing  a  major  implementation,  there’s  less 
of  a  resource  base  so  your  implementations 
are  going  to  be  more  expensive  and  more 
difficult  to  do,”  says  Peters,  who’s  currently 
paying  a  premium  to  IBM  China  for  its  help 
with  Emerson’s  ERP  implementations. 

THE  COMPLEXITIES 
OF  HIERARCHY 

While  China  may  seem  like  a  new  frontier 
to  Westerners,  that’s  not  at  all  the  way  the 
Chinese  view  their  business  landscape.  In 
fact,  new  ways  of  doing  business  threaten 
very  old  and  established  hierarchies.  Many 


End-to-end 
IP  solutions  and 
the  expertise 
to  manage  them 


that  works 


Verizon  Business  offers  a  full  range  of  managed  network  solutions,  from 
simple  network  monitoring  to  complete  outsourcing.  It  all  comes  with 
versatile  experts  who  are  accountable  for  making  it  all  work  for  you. 


Veri70nbusiness 

We  never  stop  working  for  you. 


Global  capability  with  personal  accountability,  verizonbusiness.com 


Career 


leaders  inside  Chinese  companies  came 
aboard  when  their  enterprises  were  run  by 
the  state  and  Communist  party.  These  men 
wielded  tremendous  amounts  of  authority 
and  power  in  that  structure.  Not  surpris¬ 
ingly  they  still  want  to  be  in  charge.  And,  as 
is  typical  in  communist  bureaucracies,  they 
are  accustomed  to  change  happening  at  a 
snail’s  pace.  They  often  resist  new  ideas— 
especially  when  they  come  from  outsiders. 

Combating  this  kind  of  opposition  was  a 
challenge  for  Brennan  at  Asimco,  which  is 


still  partnered  with,  invested  in  and  con¬ 
nected  to  various  state-owned  enterprises 
in  many  complex  ways.  Brennan  sought 
counsel  from  his  direct  report,  IT  services 
manager  Bruce  Li,  who  is  overseeing  Bren¬ 
nan’s  current  ERP  project  and  serves  as  a 
cultural  attache  for  the  interim  CIO.  “Bruce 
has  fantastic  English  language  and  cultural 
translation  skills  and  keeps  me  on  the 
straight  and  narrow  in  terms  of  how  I  need 
to  be  perceived,”  says  Brennan.  “I  have  to 
strike  a  balance  between  being  the  expert 


making  these  business  units  move  on  an 
issue  and  working  collaboratively  with 
them  as  a  partner.  I  want  to  be  authoritative 
and  strong  but  I  don’t  want  to  be  that  over¬ 
bearing,  know-it-all  expat.” 

Li  helped  Brennan  get  the  general  man¬ 
agers  of  the  company  on  board  with  both 
upgrading  the  company’s  existing  ERP  sys¬ 
tem  and  a  more  problematic  new  business 
intelligence  system.  “We  were  dealing  with 
folks  from  the  state-owned  entity  side.  And 
even  though  we  own  a  majority  stake  in  them 
now,  the  local  guys  can  make  life  difficult  if 
you  don’t  know  how  to  deal  with  them,”  says 
Brennan.  “Bruce  is  pretty  ingrained  in  the 
corporate  culture,  having  been  here  eight 
years.  So  when  it  came  time  to  ask  them  for 
access  to  their  firewalls,  or  to  figure  out  how 
to  work  with  their  finance  resources,  my 
approach  was  to  talk  to  Bruce  first.  I  let  him 
go  deal  with  the  local  folks  and  call  me  in  at 
the  appropriate  point,”  says  Brennan. 

And  it  worked— most  of  the  time. 

“You  know  very  quickly  whether  you’ve 
grabbed  the  audience,”  Brennan  says. 
“Either  things  happen  very  rapidly  or  noth¬ 
ing  gets  done  at  all.  There’s  not  a  lot  of  mid¬ 
dle  ground.”  On  one  occasion,  Brennan  saw 
an  implementation  at  a  local  plant  grind  to 
a  halt  because  he  hadn’t  spent  enough  time 
bringing  plant  executives  on  board. 

Having  a  local  second-in-command  is 
invaluable,  as  Bandrowczak  has  also  found 
out.  His  local  expert  in  residence  is  actually 
the  former  CIO  of  Lenovo,  Xiayon  Wang. 
“She  had  tremendous  experience  and  was 


“In  China,  to  work 
for  the  internal 
IT  department  is 
considered  a 
service  job.  The 
core  business  is 
not  IT.  They’d  rather 
work  for  a  vendor.” 


-CHARLES  WAN,  FORMER  CIO, 
MIDEA 


PHOTO  BY  THOMAS  BROENING 


»  IP  security  requirements  grinding  your  branch  office  productivity  to  a  halt?  Juniper  Networks’ 
Secure  and  Assured  WAN  solution  features  multi-layered  network  and  application-level 
protection  plus  enough  horsepower  to  ensure  your  security  solution  never  becomes  a  LAN 
or  WAN  bottleneck. 

Juniper’s  Secure  Services  Gateway  is  an  innovative  powerhouse,  delivering  WAN  connectivity 
plus  the  muscle  to  protect  your  high  speed  LAN  (while  competitive  products  slow  performance 
dramatically  when  adding  security  features).  So  Juniper  your  net:  www.juniper.net/ssg 


Juniper 

‘  qOt 

Net™ 


1.888. JUNIPER 


Career 


Life  in  China 

The  career  opportunities  are  huge.  But  so  are  the  costs  to  your 
family,  your  health  and  your  freedom. 


As  CIO  of  Lenovo,  Steve  Bandrowczak 
shuttles  back  and  forth  between  New 
York  and  Beijing  once  a  month.  The 
travel  is  tough.  “The  biggest  sacrifice  is 
to  your  family  and  to  yourself,”  he  says. 
But  that's  just  the  cost  of  doing  busi¬ 
ness  for  corporate  IT  executives  today. 
“Anytime  you're  in  a  global  leadership 
position,  you’re  goingto  spend  a  signifi¬ 
cant  amount  of  time  traveling." 

The  bigger  leap  is  moving  to  China 
for  an  extended  period  of  time— or  for 
good.  Most  foreign  CIOs  will  move  into 
an  expatriate  community— either  apart¬ 
ment  complexes  or  gated  communities. 
“There’s  Starbucks,  health  clubs,  west¬ 
ern  style  shopping,”  says  Matt  Brennan, 
who  lived  in  China  for  five  months  as 
the  interim  CIO  for  automotive  parts 
distributor  Asimco.  “It's  nice.” 


But  there  are  challenges.  Health  care 
is  not  up  to  American  standards.  And 
those  executives  who  bring  their  chil¬ 
dren  will  have  to  pay  for  expensive  pri¬ 
vate  schools,  whose  tuition  rivals  private 
colleges  in  the  United  States.  Pollution 
is  a  problem  in  every  large  Chinese  city, 
as  is  the  lack  of  freedom  to  move  around 
the  country. 

Yet  living  and  working  in  China  may 
be  more  difficult  for  Chinese  nationals 
who  return  from  the  United  States. 

When  Charles  Wan  became  CIO  of 
Shenzhen-based  appliance  maker 
Midea,  he  moved  his  family  to  a  large 
employee  housing  compound,  where 
there  was  a  garden,  a  pool,  a  restaurant 
and  a  school— "everything  clean  and 
organized,”  Wan  explains.  “But  outside, 
it  was  a  different  world:  dirty,  noisy,  busy 
and  crowded.”  His  American- 
bred  daughter  rebelled.  “This 
place  stinks,"  she  told  Wan,  and 
never  wanted  to  venture  outside 
the  walls  again.  After  several  vis¬ 
its,  his  wife  and  daughters 
decided  life  in  China  just  wasn’t 
for  them. 

There  is  also  widespread 
mistrust  of  Chinese  who  return 
home  after  years  in  the  United 
States.  “Even  though  the  gov¬ 
ernment  wants  to  welcome 
back  overseas  Chinese,  people 
inside  China  perceive  us  very 
differently,”  says  Wan.  Still,  Wan 
remains  captivated  by  China’s 
potential.  He’s  seeking  out  a 
patent  for  new  technology  that 
would  serve  both  the  Chinese 
and  global  market,  and  hasn’t 
ruled  out  a  full-time  return  to 
his  native  land. 

-S.O. 

All  the  traveling  to  China  takes 
its  toll,  and  “the  biggest  sacri¬ 
fice  istoyourfamily  and  to 
yourself,"  says  Lenovo  Group 

CIO  Steve  Bandrowczak. 


the  head  architect  and  lead  change  agent  at 
Lenovo,”  says  Bandrowczak,  who  divides 
his  time  in  Beijing  among  the  local  IT  team, 
the  business  heads  and  the  local  factories. 
Wang  didn’t  have  the  global  deployment 
experience  to  continue  on  in  the  CIO  role 
immediately  following  Lenovo’s  acquisition 
of  IBM’s  PC  division  but  stayed  on  as 
Bandrowczak’s  lieutenant  in  Beijing.  “She’s 
been  extremely  valuable  to  me,”  he  says. 

THE  FINAL  FRONTIER 

Besides  the  challenges  on  the  ground  in 
China,  there  is  the  challenge  of  time  and  dis¬ 
tance  for  those  trying  to  maintain  a  link  with 
the  United  States.  Wan,  for  example,  even¬ 
tually  left  Midea,  returning  to  the  United 
States  because  the  job  was  putting  too  much 
stress  on  his  family  relationships  (see  “Life 
in  China,”  this  page).  But  not  a  week  goes  by 
that  he  doesn’t  hear  about  another  CIO 
opportunity  there.  “I  get  calls  from  China 
all  the  time,  asking  me  to  come  back,”  Wan 
says.  “The  demand  for  qualified  IT  leaders 
over  there  is  only  going  to  increase.” 

But  the  real  lure  of  China  is  the  unique 
challenge  it  presents  to  CIOs.  The  frontier, 
after  all,  has  always  called  out  to  pioneers, 
promising  the  satisfaction  and  glory  of  tri¬ 
umphing  over  difficulties,  the  more  exotic 
the  better. 

“Change  management  here  in  China  is 
more  complex  and  takes  more  time,”  says 
Brennan.  “You’ll  definitely  run  into  road¬ 
blocks.  Some  are  political.  Some  are  orga¬ 
nizational.  Others  have  to  do  with  a  lack  of 
local  vendors  and  consultants.  It’s  not  a 
good  environment  for  someone  who’s  eas¬ 
ily  discouraged.  But  if  you  keep  at  it,  you’ll 
find  the  positive  spirit  over  here.” 

“What  drives  me  personally  is  looking 
at  where  can  I  make  my  mark  and  leave 
something  that’s  very  memorable,”  says 
Bandrowczak.  “If  you  think  about  the  story 
of  Lenovo,  a  Chinese  company  that’s  trying 
to  compete  in  a  global  market  in  an  industry 
that’s  very  tough— and  at  the  heart  of  its 
success  or  failure  will  be  the  enablement  of 
IT— that’s  a  story  that  will  only  be  told  once. 
And  that’s  the  job  I  signed  up  for.”  HH 


Senior  Editor  Stephanie  Overby  writes  frequently 
about  offshoring.  She  can  be  reached  at  soverby 
@c  io.com. 


lijm 


PHOTO  BY  JEFF  WEINER 


IT’S  A  DEMAND-DRIVEN  WORLD.  BE  A  DEMAND-DRIVEN  ENTERPRISE.  It's  time  to  make  customer  demand  drive  your  supply  chain,  your 
products,  your  entire  enterprise.  SSA  Global  delivers  the  extended  ERP  solutions  you  need  to  help  make  the  demand-driven 
supply  chain  a  reality -across  new  product  development,  sales  and  operations  planning,  supply  and  demand,  operations 
and  logistics.  Let's  get  started. 


Download  Demand  Drives,  your  guide  to  becoming  a  demand-driven  enterprise, 
at  www.ssaglobal.com/demanddrives/na.  Or  call  1 -87 7-SSA-GLOBAL  (1-877-772-4562). 


CPM  CRSVi  ERP  FIVS  H  C  M  P  UV!  SCM  S  R  M 


sssSr! 


global 


forward  faster 


©  2006  Copyright  SSA  Global  Technologies,  Inc.  and  its  Subsidiaries  and  Affiliates.  All  rights  reserved.  The  SSA  Global  logo,  SSA  Global,  SSA,  and  forward  faster  are  trademarks  of  SSA  Global  Technologies,  Inc. 


'  - 


y  •’  .  ^  ,'J‘  ‘-  *ii  ■ 

Kf  •  ,  .'  .  ",  '-’  Y  -, 

fBPK0S*p£  *  ;  :  •■*?■' -8  ;■:  • 

iV’/V"  ‘  * 


f..  '  j  - 


..  .  lit-  .  •  •'*  <  ,  o'  « 

V  t  /..’»■  •■  ;■  *':••  • 

4  *  -  1  r  . 


August  20-22,  2006 

Hotel  Del  Coronado 
Coronado,  California 


8th  Annual 

cioioo 

SYMPOSIUM  &  AWARDS  CEREMONY 

DELIVERING  INNOVATION  TO  THE  ENTERPRISE 


CIO  100  Symposium  is  the  premier  place  for  CIOs  to  exchange 
ideas  with  their  peers  across  all  industry  segments  as  noted 
thought  mavens  and  recognized  leaders  in  the  CIO  community 
explore  how  to  develop,  implement  and  capitalize  on 
innovation  most  effectively. 


To  register  or  for  more  information 

call  800.355.0246  or  visit 
www.cio.com/conferences 


SESSION  HIGHLIGHTS 


Where’s  the  Next  Wave  of 
IT  Innovation  Coming  From? 

If  innovation  is  the  key  to  the  future, 
where  are  our  next  innovators  going 
to  come  from  and  how  will  that  affect 
businesses  here  and  around  the  world? 

Tapping  Internal  Creativity 

Approaches  to  innovation  can  be  as 
varied  as  the  initiatives  it  produces. 
Foster  creative  thinking  and  your 
employees  will  provide  original  ideas 
and  pioneer  new  products.  Hear  from 
CIO  100  winners  who  discovered  and 
developed  their  internal  innovation 
sources. 

U  SOA— Are  You  Ready? 

Qi  Service-oriented  architecture  (SOA) 
O  allows  IT  to  respond  quickly  to  new 
^4  business  needs  to  deliver  applica¬ 
tions  in  real  time,  or  on  demand. 
Discuss  the  latest  developments 
O  and  implementation  strategies 
with  this  leader  in  the  field. 


Why  Not  “Not  Invented  Here”? 

Innovation  labs,  design  firms  and 
consultants  are  playing  an  increasingly 
large  role  in  the  pursuit  of  innovative 
ideas.  For  many  companies  the  once 
firmly  held  belief  that  innovation  had  to 
be  homegrown  is  falling  by  the  wayside. 
Learn  how  this  company  is  maximizing 
their  outsourcing  partnerships,  real¬ 
izing  a  new  way  of  doing  business  and 
generating  innovation  from  outside  the 
company. 

Oh,  And  One  More  Thing . 

What  is  it?  What  is  the  one  thing  more 
you  need  to  know,  learn  and  take  away 
from  this  experience?  Hear  from  an 
innovation  guru  on  just  what  that  one 
more  thing  might  be. 

WHO  SHOULD  ATTEND 

Leaders  in  the  CIO  community, 
who  want  to  explore  how  to 
develop,  implement  and  capitalize 
on  innovation. 

In  other  words,  you. 


CIO  100  Symposium  Awards 
are  proudly  underwritten  by 


Sybase 


Official  Host  Sponsors 

:::  BlackBerry 


WIRELESS  DEVICES 


i  R  l  s  e' 

VISUALIZE.  INNOVATE.  DELIVER™ 


APPLICATION  DEFINITION  SOFTWARE 


red  hat 


OPEN  SOURCE 


Symantec, 


SECURITY 


14th  annual 

INNOVATION  TAKES  CENTER  STAGE 

CIO  100  Awards  Ceremony 

Celebrate  lOO  winners  with  lOO  innovative 
technology  solutions  that  revolutionized 
lOO  world  class  organizations. 

Register  Now. 

www.cio.com/conferences 


CIO  100  Symposium  &  Awards  Welcome  to  the  Conversation. 


Sponsored  by 


%i-  INTERWOVEN 


Microsoft 


Executive 

Circle 


Satyam 


What  Business  Demands. 


Presented  by 


Business 

Technology 

Leadership 


Mid-Market 


84 


IN  THE  MIDDLE 


Life  as  a  small- or 
mid-market  CIO  may  be 
one  of  the  toughest 
challenges  in  IT. 
Here’s  how  a  few  IT 
leaders  in  this  space 
have  persevered  and 
even  flourished. 

BY  MATT  VILLANO 


MAGINE  NEEDING  TECHNOLOGY  BUT  NOT 
having  the  resources  to  spend  on  it.  Imagine  being  so 
busy  reacting  to  problems,  you  never  have  time  to  plan 
for  the  future.  Imagine  being  so  overwhelmed  by  new 
reporting  regulations,  you  can  barely  get  your  staffers 
to  update  their  passwords.  Imagine  trying  to  tackle  these 
issues  with  a  gaggle  of  outsourced  workers,  or  a  tiny, 
overworked  and  underqualified  staff. 

Most  mid- market  CIOs  don’t  have  to  strain  their 
imaginations;  these  are  the  facts  of  their  lives. 
Indeed,  life  in  the  mid-market  is  hard.  Companies 
with  annual  revenue  between  $50  million  and 
$1  billion  have  the  same  fundamental  problems 
as  enterprises  in  the  Fortune  1000— resources, 
time  management,  compliance  and  staffing— but 
mid-market  CIOs  must  address  them  in  an  entirely 
different  manner  than  their  wealthier  counterparts. 

Indeed,  recent  data  from  CIO’s  “The  State  of  the  CIO 
2006”  survey  found  that  technology  leaders  in  small 
and  midsize  companies  are  far  more  hands-on  than 
their  counterparts  at  larger  firms.  At  the  same  time, 
while  their  brethren  at  larger  companies  usually 
report  straight  to  the  top,  IT  leaders  at  smaller  com¬ 
panies  often  report  to  second-tier  managers,  mak- 


Reader  ROI 

::  Why  it’s  so  difficult  to 
be  the  CIO  of  a  small 
or  midsize  company 

::  How  to  survive,  even 
flourish,  in  this  role 

::  The  pros  and  cons  of 
outsourcing 


JUNE  15,  2006  |  www.cio.com 


PHOTO  BY  GARY  BENSON 


in  recruiting  IT  staff  to 
Cascade  Designs,  CIO 

KEN  MEIDELL  has 

found  that  hiring  workers 
out  of  college  and  giving 
them  perks  and  good 
benefits  helps  him  com¬ 
pete  with  Microsoft  and 
other  local  powerhouses. 


Mid-Market 


ing  communication  even  more  critical. 

“Mid-market  CIOs  are  always  fighting 
fires,”  says  Laurie  McCabe,  vice  president 
of  the  small  and  midsize  business  solutions 
group  at  Access  Markets  International  Part¬ 
ners,  a  research  organization  in  New  York. 
“In  that  environment  it’s  tough  to  think 
about  the  bigger  picture,  but  the  advantage 
they  have  is  that  if  they  can  carve  out  the 
ability  to  look  ahead,  they  can  be  more  agile 
and  flexible  than  a  larger  company.” 

As  McCabe  suggests,  those  CIOs  who 
can  deal  deftly  with  the  problems  they  face 
in  the  mid-market  need  to  have  something 
extra,  a  bit  of  wizardry.  Larry  Bonfante, 
Greg  Seyk,  Jim  Taylor  and  Ken  Meidell  are 
four  who  lead  by  example,  constantly  inno¬ 
vating  in  a  drive  to  compete.  These  tech¬ 
nologists  speak  philosophically  about  the 
challenges  they  face,  and  recognize  that  like 
most  small  businesses,  they  have  to  work 
two  or  three  times  as  hard  as  the  big  boys  to 
succeed.  Still,  it  seems  none  of  them  would 
have  it  any  other  way. 

“Is  being  a  CIO  in  the  mid-market  more 
challenging  than  being  a  CIO  at  a  bigger 
firm?  You  bet  it  is,”  says  Bonfante,  CIO  of  the 
United  States  Tennis  Association  (USTA), 
the  $220  million  organization  that  runs  the 
annual  U.S.  Open  tennis  tournament.  “But 
nowhere  else  can  you  really  feel  like  you’re 
making  a  difference  every  single  day.” 

PUTTING  OUT  FIRES 

CIOs  at  big  companies  strive  to  minimize 
costs  by  forecasting  systems  development 
projects  so  they  are  not  caught  by  surprise. 
However,  at  many  mid-market  companies, 
this  kind  of  IT  planning  is  difficult  at  best 
because  these  technology  leaders  already 
have  so  much  to  worry  about.  CIOs  who 
run  businesses  in  this  boat  describe  their 
leadership  approach  as  reactive,  and  their 
strategy  as  one  of  survival. 

Early  in  his  career,  when  Larry  Bonfante 
served  as  an  IT  executive  at  pharmaceuti¬ 
cal  firm  Pfizer,  he  had  the  option  of  dele¬ 
gating  problems  to  someone  else.  Now,  as 
CIO  of  a  small  organization  with  limited 
staff,  he  must  get  personally  involved  with 
just  about  every  operational  hiccup  to  make 
sure  it  is  solved  appropriately. 

A  perfect  example  is  the  U.S.  Open  itself. 
The  late-summer  event  brings  in  $185  mil- 

86  JUNE  15,  2006  |  www.cio.com 


Five  Tips 

lor  the 

Mid-Market 

CIO 

Overseeing  IT  at  a 
small  or  midsize 
business  is  a  lot 
more  challenging 
than  overseeing  IT 
at  a  Fortune  1,000 
firm.  Here  are  some 
secrets  to  success: 

1.  Look  outside  the 

enterprise  to  outsourcing 
providers  and  vendors 
for  help  with  complicated 
projects. 

2.  Don’t  be  afraid  to  get 

your  feet  wet  and  jump 
in  to  handle  “emergency" 
situations. 

3.  Work  hard  at  managing 
up  and  maintaining  good 
communications  with  top 
executives,  whether  or  not 
you  report  to  them. 

4.  Recruit  and  retain 

staffers  with  an  attractive 
mix  of  flexibility  and 
independent  projects. 

5.  Make  a  case  for  IT 

investments  based  on 
how  they  will  help  your 
company  comply  with 
federal  regulations  such  as 
the  Sarbanes-Oxley  Act. 


lion  in  revenue,  and  Bonfante  and  his  staff 
of  eight  have  a  budget  of  approximately 
$6  million  for  the  entire  year,  and  they  must 
use  a  portion  of  that  to  provide  technology 
for  the  tournament.  Whether  it  is  setting 
up  electronic  scoring  systems,  or  making 
sure  reporters  have  wireless  access  at  the 
tennis  facility  in  Flushing,  Queens,  Bon¬ 
fante  and  his  IT  team  quite  literally  run  all 
over  New  York  City  to  make  sure  USTA 
technology  is  performing  the  way  it  should. 

“I’m  up  to  my  ears  in  alligators,”  Bonfante 


says.  He  describes  the  annual  event  that 
spans  from  late  August  to  early  September  as 
an  “exhilarating  but  exhausting”  endeavor 
that  draws  hundreds  of  thousands  of  visi¬ 
tors.  “A  good  thing  about  mid-market  com¬ 
panies  is  the  lack  of  bureaucracy,  but  this 
means  that  when  things  go  wrong,  you’re 
right  there  in  the  middle  of  everything.” 

Bonfante,  for  example,  had  to  get 
involved  when  his  organization’s  Web 
domain  expired  earlier  this  year.  The  black¬ 
out  occurred  after  the  director  of  service 
delivery  for  USTA  failed  to  renew  the  serv¬ 
ice  with  website  registrar  Network  Solu¬ 
tions.  The  provider  suspended  service  and 
shut  down  the  site;  only  after  Bonfante 
called  Network  Solutions  and  paid  a  $45 
reactivation  fee  was  the  site  repopulated. 

Complicating  matters  is  the  fact  that 
USTA  board  members,  many  of  whom  are 
former  tennis  professionals  with  little  IT 
experience,  expect  Bonfante  to  spend  time 
with  them  during  their  board  meetings 
during  the  course  of  the  year.  During  these 
meet-and-greets,  Bonfante  says  he  must 
market  IT  to  board  members  and  the  busi¬ 
ness  side  of  the  organization.  He  estimates 
that  he  spends  a  “fair”  amount  of  his  time 
with  executives  and  hints  that  this  time 
could  be  better  spent  in  the  trenches  to  deal 
with  the  day-to-day  operations. 

“There  is  an  ongoing  marketing  and  edu¬ 
cation  effort  that  comes  with  the  job,  but 
sometimes  it’s  heavier  than  others  depend¬ 
ing  on  the  time  of  year,”  says  Bonfante,  who 
reports  to  the  CEO.  “It’s  making  sure  that 
people  at  board  level  understand  the  value 
of  IT  and  that  they  understand  how  we’re 
involved  in  every  aspect  of  the  business. 
That  takes  time,  and  there’s  nobody  else  to 
do  it  but  me.” 

LIMITED  RESOURCES 

It’s  no  secret  that  financial  resources  at 
small  and  mid-market  organizations  are 
considerably  more  limited  than  those  at 
bigger  companies.  With  this  in  mind,  many 
mid-market  CIOs  have  improvised  to  meet 
technology  needs  with  the  resources  they 
have.  As  CIO  and  vice  president  of  IT  at 
VisionQuest,  a  $70  million,  Tucson,  Ariz.- 
based  organization  for  at-risk  teens,  Greg 
Seyk  manages  four  IT  staffers  for  a  user 
base  of  700  (out  of  1,400  total  employees) 


Register  by  June  23rd  and  Save  $600! 

Online  at:  www.thesecuritystandard.net/CIOAl 
Or  Call:  1-800-643-4668 


Hynes  Convention  Center,  September  6-7,  2006 
Boston,  Massachusetts 


The  last  time  this  many  revolutionary 

thinkers  gathered  in  Boston 

_  _  _  _  _  _  _ _ 


the  world  changed  forever 


the  way  your  ent 
security... register 


Effective  security  management  has  become  a  critical  factor  in  the 
success  or  failure  of  an  organization.  To  help  you  develop  a  clear 
path  to  success,  IDG  invites  you  to  attend  The  Security 
Standard— an  exclusive  conference  detailing  the  most  effective 
strategies  to  transform  security  into  a  true  competitive  advantage. 


THE 

SECURITY 

STANDARD 


Hosted  by  Bob  Bragdon,  Publisher,  CSO  and  John  Gallant, 
President  &  Editorial  Director,  Network  World,  and  featuring  a 
visionary  keynote  from  John  Chambers,  CEO,  Cisco  Systems,  this 
conference  will  provide  you  with  real  world  insights  from  top  CIOs 
CSOs  and  enterprise  security  experts. 


The  Security  of  Business. 
The  Business  of  Security.™ 


Principal  Sponsors 
Cisco  Systems 


Microsoft 


Platinum  Sponsor 


Gold  Sponsors 

Cf  dtiris  Ar<S.?htfC  eiQ  ElftTUSt 

Lancope  nCircle"  ®  E33  ®Jrend 

Proactive  Network  Security  QUAlys  SECURITY'  ^ 


Sponsorship  opportunities  are  still  available  contact  Andrea  D'Amato  at  508-490-6520  or  adamato@nww.com  for  more  information 


An  IDG  Executive  Forum 


Produced  in  Cooperation  with: 


IDG 


m 


COMPUTERWORLD  CSO  lEmiiWOBLr  f^MoWorld 


Mid-Market 


When  Bonfante  worked  at  Pfizer,  he  could 
delegate  problems.  Now  as  CIO  of  a  smaller 
firm,  he  must  get  involved  with  just  about 

every  operational  hiccup. 


and  has  an  annual  budget  of  $1.2  million. 
Put  simply,  there’s  no  way  he  can  invest 
much  in  hardware. 

His  solution:  leasing  equipment  instead 
of  buying  it.  Seyk  has  turned  to  vendors 
such  as  Cisco,  Dell  and  IBM  for  three-  and 
four-year  leases  on  equipment.  All  leases 
include  maintenance  contracts  so  Vision- 
Quest  IT  isn’t  bogged  down  with  trou¬ 
bleshooting.  Seyk  says  this  strategy  provides 
an  advantage  because  leased  equipment  pro¬ 
vides  a  fixed  monthly  cost  that  is  easily  bud¬ 
geted  for  by  operations,  with  a  continual 
hardware  refresh  cycle  every  36  to  48 
months  as  the  leases  expire. 

“Our  operations  department  perceives 
technology  as  a  fixed  monthly  expense  like 
any  other  ‘utility,’  rather  than  an  asset  that 
depreciates  and  must  then  be  replaced  with 
a  new  capital  investment,”  says  Seyk,  who 
reports  to  his  company’s  CFO.  “It  could  be 
argued  that  my  fixed  expense  changes  over 
time,  but  because  older  technology  improves 
as  it  is  replaced  with  newer  technology,  our 
technology  generally  continues  to  support 
the  business  expansion  without  a  com¬ 
mensurate  incremental  capital  We®nent.” 

Seyk  says  his  relationship  with  his  ven¬ 
dors  is  critical  to  making  ends  meet.  In  Jan¬ 
uary,  when  the  company  inked  a  four-month 
deal  with  IBM  to  install  a  new  wide-area  net¬ 
work  (WAN),  Seyk  insisted  that  the  vendor 
include  a  full-time  project  manager  so  Seyk 
would  not  have  to  hire  a  new  employee  to 
manage  the  deal  or  train  one  of  his  current 
employees  to  do  it.  The  results  of  this  nego¬ 
tiation  were  savings  of  at  least  $75,000— 
what  it  would  have  cost  to  hire  for  one 
full-time  spot.  (Once  the  WAN  is  installed, 
VisionQuest  will  maintain  it.) 

Seyk  says  he  plans  to  apply  the  same 


Larry  Bonfante,  CIO  of  the 

United  States  Tennis  Association 


8  8 


JUNE  15,  2006  |  www.cio.com 


PHOTO  BY  EVAN  KAFKA 


PhHHmhhHHI 


YOUR  JOB  IS  TO  KEEP  SYSTEMS  AND  APPLICATIONS  RUNNING. 
OUR  MISSION  IS  TO  KEEP  PEOPLE  AND  INFORMATION  CONNECTED. 

LET’S  WORK  TOGETHER. 


Continuous  access  to  information  no  matter  what.  That’s 
Information  Availability.  It’s  what  your  employees,  suppliers 
and  customers  demand  every  minute  of  every  day.  But  to 
deliver  it  flawlessly,  you  need  a  massive  global  infrastructure, 
redundant  systems  and  diverse  networks  being  monitored  and 
supported  by  skilled  technical  experts  at  secure  facilities. 
That’s  exactly  what  SunGard  provides. 

As  a  result,  we  can  offer  you  a  higher  level  of  availability  and 
save  your  company,  on  average,  25%*  versus  building  the 
infrastructure  yourself.  Plus,  it’s  a  vendor  neutral  solution  that 
lets  you  control  your  data,  applications  and  network  while 
giving  you  the  flexibility  to  adjust  to  the  changing  needs  of  your 
business.  But  best  of  all,  it  lets  you  spend  more  time  solving 
business  problems  and  less  time  solving  technical  problems. 


For  years,  companies  around  the  world  have  turned  to  SunGard 
to  restore  their  systems  when  something  went  wrong.  So,  it’s  not 
surprising  that  they’re  now  turning  to  us  to  mitigate  risk  and 
make  sure  they  never  go  down  in  the  first  place. 

You  want  your  network  and  systems  to  always  be  up  and  running.  We 
want  the  same  thing.  Let’s  get  together.  To  learn  more,  contact  us  at 
1-800-468-7483  or  go  to  www.availability.sungard.com/masteria  and 
get  your  free  copy  of  the  book  “Mastering  Information  Availability.” 

SUNGARD®  k“P7  Peo?lc 

^  and  Information 

Availability  Services  Connected, ,™ 

•Potential  savings  based  on  IDC  Whits  Paper,  Ensuring  Information  Availability:  Aligning  Customer 
Needs  with  an  Optimal  Investment  Strategy. 


Mid-Market 


strategy  during  a  forthcoming  upgrade 
from  Lawson  Software  version  7.22  to  Law- 
son  Software  version  8.03.  This  time, 
instead  of  negotiating  a  project  manager 
from  Lawson  directly,  Seyk  outsourced  the 
deal  to  Salient,  a  provider  that  specializes  in 
these  types  of  implementations,  and  con¬ 
vinced  the  firm  to  “throw  in”  a  full-time 
human  liaison  to  see  the  job  through  until 
completion  in  January  2007. 

“In  theory,  [this  person]  will  keep  our 
project  moving  from  a  company  perspective 
and  will  work  with  the  individuals  who  are 
responsible  for  each  particular  area,”  says 
Seyk,  who  adds  that  overall,  the  project  will 
cost  about  $600,000.  “He  will  be  respon¬ 
sible  for  keeping  the  project  headed  in  the 
right  direction.” 

COMPLIANCE  WOES 

CIOs  at  nonprofit  organizations  such  as 
USTA  and  VisionQuest  don’t  have  to  worry 
too  much  about  stringent  new  federal  report¬ 
ing  requirements.  For  CIOs  at  mid-market 
firms  that  are  publicly  traded,  however,  leg¬ 
islation  such  as  the  Sarbanes-Oxley  Act 
(Sox),  the  Gramm-Leach- Bliley  Act  and  the 
Health  Insurance  Portability  and  Account¬ 
ability  Act  exact  a  particularly  heavy  toll. 

These  laws  require  companies  to  focus  on 
reporting,  hiring  audit  firms  to  make  sure 
information  is  accurate,  and  installing  com¬ 
plicated  IT  infrastructures  that  prove  finan¬ 
cial  and  private  customer  information  is 
secure.  The  problem,  of  course,  is  that  mid¬ 
market  companies  simply  don’t  have  the 
financial  or  human  resources  to  perform 
these  tasks,  making  an  already  tenuous  sit¬ 
uation  even  more  tense  for  everyone  from 
programmers  to  the  CIO. 

Jim  Taylor,  corporate  IT  manager  at 
Westmoreland  Coal,  a  $333  million  com¬ 
pany  in  Colorado  Springs,  Colo.,  says  that 
before  Sox  became  law  in  2003,  his  depart¬ 
ment  had  no  formal  auditing  processes  in 
place  at  all.  In  July  of 2003,  the  department 
issued  11  policies  for  adoption  that  spell  out 
how  the  organization  will  tackle  everything 
from  disaster  recovery  to  technology 
refresh. 

Many  of  these  policies  are  derived  from 
the  Cobit  framework,  an  open  standard  for 
control  over  information  technology,  devel¬ 
oped  and  promoted  by  the  IT  Governance 


A  Little  Help  from  Your  Friends 

When  you’re  the  CIO  for  a  small  or  mid-market  company, 
outsourcing  makes  sense— unless,  of  course,  IT  innovation 
is  a  competitive  differentiator  for  your  company 


WHEN  MID-MARKET  CIOS 

can’t  find  or  keep  staffers  to  tackle 
certain  tasks,  many  farm  out  the  jobs 
to  ease  the  burden  on  their  already 
overworked  staff.  The  upside  to  out¬ 
sourcing  undoubtedly  is  the  ability  to 
add  capabilities  that  are  beyond  your 
staff  and  resources.  The  downside  is 
that  outsourced  technologies  aren’t 
yours  to  keep  and  innovate  with, 

At  Jacob  Stern  &  Sons,  a  $300  mil¬ 
lion  fragrance  chemical  maker, 
Director  of  IT  Dale  Polekoff  out¬ 
sources  complicated  programming 
jobs  such  as  business  intelligence 
because  he  says  it’s  easier  to  shift 
responsibility  for  specific  technolo¬ 
gies  to  outside  specialists  than  to 
teach  one  of  his  three  frantic  staffers 
new  tricks.  Even  so,  Polekoff  says  he 
spends  “far  too  much  time”  getting 
some  of  his  third-party  service 
providers  to  understand  what  the 
company’s  needs  are,  and  how  those 
needs  fluctuate  depending  on  the 
vagaries  of  the  chemical  market. 

“Third  parties  change  staff  all  the 
time,  and  as  a  mid-market  company, 
we  sometimes  find  ourselves  rein¬ 
venting  the  wheel  for  them,”  says 
Polekoff.  Still,  he  notes,  the  benefits 
far  outweigh  these  burdens. 

To  avoid  communication  mix-ups, 
some  mid-market  CIOs  build  long¬ 
standing  outsourcing  agreements 
around  external  partners  who  have 
performed  successfully  in  the  past. 
For  example,  at  the  American  Dia¬ 
betes  Association  (a  $210  million 
nonprofit),  Frank  Hoose,  senior  VP  of 


information  technology  and  admin¬ 
istration,  farms  out  Oracle  scripting 
to  the  same  few  solution  providers, 
some  of  which  the  firm  has  worked 
with  for  years.  Because  Hoose 
doesn’t  have  programmers  on  staff, 
he  says  that  turning  to  these 
“trusted”  partners  just  makes  sense. 

CIO  Mykolas  Rambus  does  the 
same  thing  at  W.P.  Carey,  a  $218 
million  investment  firm  focused  on 
corporate  real  estate  finance.  Ram¬ 
bus,  who  reports  to  the  IS  steering 
committee,  has  so  much  success 
with  a  local  house  of  developers  that 
he  sends  all  of  his  development  proj¬ 
ects  their  way.  It’s  not  that  Rambus 
doesn’t  have  the  skills  on  his  IT  staff 
to  get  programs  written;  on  the  con¬ 
trary,  he  says  he  employs  some 
pretty  talented  people.  Still,  with  so 
much  to  do  and  so  little  time  to  do  it, 
Rambus  says  he’d  rather  have  his 
staffers  focused  on  bigger  things 
such  as  leveraging  CRM  systems. 

Under  an  outsourcing  arrange¬ 
ment,  CIOs  can  still  innovate  as  they 
would  if  they  were  doingthings  on 
their  own,  Rambus  and  others  say. 
They  can  send  out  an  RFP  for  work 
on  new  technology,  or  ask  a  trusted 
partnerto  learn  a  new  skill.  The  only 
downside?  In-house  programmers 
aren’t  learning  new  technology. 

“Our  value  is  interfacing  with 
business  units,  not  in  programming,” 
he  says.  “At  the  end  of  the  day,  we 
don’t  want  to  be  a  bottleneck  to  a 
business  process  because  our  best 
people  are  off  writing  code.”  -M.V. 


Institute  in  Rolling  Meadows,  Ill.  Still,  the 
policies  themselves  aren’t  what  costs  money; 
according  to  Taylor,  “it’s  the  technology  that 
drives  them  that  costs  a  ton.”  For  West¬ 


moreland,  that  “ton”  has  totaled  $1.5  mil¬ 
lion  so  far,  including  fees  to  auditing  firm 
KPMG.  There’s  a  silver  lining  here,  how¬ 
ever:  Taylor  says  that  the  law  has  finally 


9  0 


JUNE  15,  2006  |  www.cio.com 


We  are  proud  to  be  recognized  for  providing  “An  Outstanding 
Customer  Service  Experience”  by  the  J.D.  Power  and  Associates 
Certified  Technology  Service  and  Support  Program. 
There’s  a  new  way  to  look  at  it. 


xerox.com/support  1-800-ASK-XEROX 


XEROX. 


Technology  |  Document  Management  |  Consulting  Services  | 


©2006  XEROX  CORPORATION.  All  rights  reserved.  XEROX®  and  There's  a  new  way  to  look  at  it®  are  trademarks  of  XEROX  CORPORATION  in  the  United  States  and/or  other  countries. 

J.D.  Power  and  Associates  Certified  Technology  Service  and  Support  Program?”  developed  in  conjunction  with  the  Service  &  Support  Professionals  Association  (SSPA).  For  more  information,  visit  www.jdpower.com  or  thesspa.com. 


Mid-Market 


The  promise  of  hands-on  work  with  all  of  the  latest 
technologies  can  make  a  smaller  company  stand 

out  from  the  crowd  in  attracting  good  talent. 


given  him  leverage  to  implement  some  of 
the  applications  he  has  wanted  all  along. 

Case  in  point:  the  company  now  has  a 
new  Denver  data  center  to  run  a  JDEdwards 
Enterprise  One,  which  coordinates  payroll 
and  finance  systems  that  previously  had 
been  implemented  at  a  number  of  remote 
sites.  Taylor,  who  reports  to  the  vice  presi¬ 
dent  of  administration,  invested  in  this  data 
center  last  year  to  centralize  new  systems 
designed  to  comply  with  Sox.  Today,  the 
new  facility  also  houses  a  storage  area  net¬ 
work  and  document  management  system 
and  will  soon  house  the  company’s  primary 
e-mail  exchange  server.  All  of  these  tech¬ 
nologies  were  bought  and  implemented 
with  regulatory  compliance  in  mind. 

To  set  up  this  data  center,  Taylor  called 
upon  the  services  of  Dimension  Technology 
Systems.  Though  nobody  from  the  com¬ 
pany  possessed  a  Statement  on  Auditing 
Standards  (SAS)  certification  originally 
developed  by  the  American  Institute  of  Cer¬ 
tified  Public  Accountants,  Taylor  convinced 
the  firm  to  send  its  consultants  to  school 
for  this  knowledge  so  they  could  deliver 
the  kind  of  compliance  Westmoreland 
required. 

“It  is  a  major  expense  for  our  solution 
provider,”  Taylor  says  of  the  SAS  70  class. 
“They  are  committing  to  it  because  they 
realize  that  in  the  compliance-driven  mar¬ 
ketplace  of  today,  if  they  don’t  do  it,  they’ll 
be  left  out  of  opportunities  in  every  mar¬ 
ket.”  (For  more  on  the  pros  and  cons  of  out¬ 
sourcing,  read  “A  Little  Help  from  Your 
Friends”  on  Page  90.) 

STAFFING  STRUGGLES 

Attracting  and  keeping  good  talent  is  an 
important  issue  for  all  CIOs,  but  it  is  par¬ 
ticularly  challenging  for  those  in  the  mid¬ 
market,  according  to  “The  State  of  the  CIO 
2006”  survey.  Larger  companies  with  big¬ 
ger  budgets  simply  can  pay  more.  And 
because  so  many  mid-market  IT  staffs  are 
understaffed  and  overworked,  the  burnout 


rate  is  high,  with  some  companies  losing 
talented  workers  in  droves  to  larger  and 
wealthier  companies. 

At  Cascade  Designs,  an  outdoor  equip¬ 
ment  manufacturer  in  Seattle  that  earned 
somewhere  around  $75  million  last  year, 
CIO  Ken  Meidell  has  learned  how  to  adapt 
to  this  challenge.  After  years  of  losing  out  to 
powerhouses  such  as  Boeing,  Microsoft  and 
Real  Networks  in  his  search  for  experienced 
programmers,  Meidell  finally  hit  on  the 
strategy  of  hiring  staff  members  straight 
out  of  college  and  appealing  to  them  with 
inducements  they  like:  flexibility,  individ¬ 
ual  freedom  and,  of  course,  camping  gear. 
So  far,  the  strategy  has  worked  wonders. 

To  do  this,  Meidell  contacts  recruitment 
offices  of  local  colleges  and  schedules  inter¬ 
views  with  computer  science  and  engi¬ 
neering  graduates  who  want  jobs  in  and 
around  the  Seattle  area.  Sure,  the  big  guns 
recruit  in  this  manner  as  well,  but  Meidell 
says  the  promise  of  hands-on  work  with 
all  of  the  latest  technologies  make  Cascade 
stand  out  from  a  crowd  of  companies  that 
can’t  promise  more  than  a  desk  in  a  cube 
farm.  Over  the  past  few  years,  the  company 
has  hired  employees  straight  from  IT  pro¬ 
grams  at  the  University  of  Washington, 
North  Seattle  Community  College  and 
Washington  State  University.  All  of  these 
employees  are  still  around. 

“There’s  nothing  wrong  with  homegrown 
talent,  especially  when  you  get  them  while 
they’re  young,”  says  Meidell,  who  reports  to 
the  company  CEO.  “We  plug  them  in  on  the 
help  desk,  then  after  a  year  or  so,  they  have 
a  good  idea  of  what  they’re  interested  in  and 
we  try  to  accommodate  that.” 

Once  Meidell  hires  these  young  guns,  he 
does  his  best  to  keep  them.  At  Cascade,  this 


“The  State  of  the  CIO  2006" 


To  read  highlights  from  the  latest  “THE  STATE 
OF  THE  CIO"  survey,  including  mid-market 
data,  go  to  www.cio.com/state.  £jq  £0m 


doesn’t  necessarily  mean  huge  monetary 
incentives:  instead,  retention  revolves 
around  flexibility.  So  long  as  they  spend  a 
few  days  in  the  office,  employees  are 
encouraged  to  telecommute  from  home. 
Once  employees  prove  they  are  reliable, 
Meidell  also  grants  them  flexibility  in 
choosing  their  projects.  If,  for  instance,  a 
programmer  is  interested  in  Linux,  Mei¬ 
dell  will  throw  the  bulk  of  the  company’s 
open-source  work  his  way. 

Another  benefit  of  working  at  Cascade, 
of  course,  is  the  gear.  The  company  makes 
sleeping  bags,  tents,  snowshoes,  back¬ 
packing  stoves  and  other  grown-up  toys 
for  those  who  love  the  outdoors.  While 
employees  are  not  entitled  to  these  prod¬ 
ucts  for  free,  workers  can  purchase  them  at 
significantly  discounted  rates,  a  real  treat 
for  the  crowd  in  the  Pacific  Northwest. 
“People  on  our  IT  staff  get  to  wear  shorts 
and  Chaco  sandals  to  work  in  the  summer,” 
Meidell  says.  “Even  after  the  dotcom  expe¬ 
rience,  I’m  not  sure  everyone  gets  to  do  that 
at  bigger  companies  these  days,  and  that 
makes  us  different.” 

Indeed,  reality  for  technology  leaders  at 
mid-market  companies  is  nothing  if  not  dif¬ 
ferent.  Whether  battling  challenges  in 
staffing,  compliance,  funding  or  time  man¬ 
agement,  CIOs  in  this  space  face  a  constant 
battle  to  make  the  most  of  the  resources 
they  have  and  still  turn  a  profit.  Most  of  the 
time,  this  is  a  truly  daunting  task.  Still, 
championing  IT  at  a  smaller  organization 
can  be  exhilarating  and,  as  any  one  of  these 
four  men  can  attest,  totally  fulfilling. 

“Running  technology  at  a  company  the 
size  of  mine  is  exciting,  exhausting  and 
just  about  everything  in  between,  but  at 
the  end  of  every  day,  I  think  to  myself  that 
even  at  some  of  the  biggest  companies  in 
the  world,  there’s  no  better  job  on  Earth,” 
Meidell  says.  HEJ 


Matt  Villano  is  a  freelance  writer  and  editor 
based  in  Half  Moon  Bay,  Calif. 


9  2 


JUNE  15,  2006  |  www.cio.com 


How  do  you  maximize 
the  value  of  IT? 


IT  is  still  one  of  the  most  misunderstood  functions  in  business. 

The  CIO  Executive  Council,  a  professional  community  developed  by  CIOs,  has  focused  its  members' 
collective  effort  on- this  challenge.  Their  initiative  has  resulted  in  groundbreaking  tools-the  IT  Value 
Matrix  and  Knowledge  Center™-to  help  leverage  the  value  of  IT  throughout  the  organization. 

The  IT  Value  Matrix  illustrates  the  principles  and  practices  essential  to  creating,  identifying  and 
communicating  IT's  value  to  the  enterprise.  Its  online  Knowledge  Center  provides  best  practices 
contributed  by  Council  members,  supplemented  by  case  studies  and  how-to  articles  from 
CIO  magazine  that  are  grouped  in  categories  that  correspond  to  all  the  components  of  the  Matrix. 


Visit  www.cioexecutivecouncil.com/it_value  to  get  your  own  copy  of  the  Matrix  and  to  watch 
the  IT  Value  webcast,  presented  by  Agriliance  CIO  and  Council  member  Steven  John. 


CIO  Executive  Council 

The  Professional  Organization  for  CIOs 


The  CIO  Executive  Council  was  created  by  readers  of  CIO  magazine  and  leaders  within 
the  community  of  CIOs  to  leverage  the  individual  and  collective  strengths  of  its  members 
by  serving  as  unbiased  and  trusted  advisors  to  each  other,  and  by  advancing  the 
CIO  role  and  profession.  In  just  two  years,  more  than  300  CIOs  worldwide  from  various 
sectors  and  industries  have  identified  with  the  Council’s  vision  and  committed  to  assist 
each  other,  cultivate  their  own  careers  and  those  of  their  team,  and  advance  the  role  of  the 
CIO.  To  inquire  about  membership,  visit  www.cioexecutivecouncil.com. 


Founded  by 


Business 

Technology 

Leadership 


SALES  AND  SERVICES 


CIO  SALES  OFFICES 
President  and  CEO 

Michael  Friedenberg 
508  935-4310 
Publisher 
Gary  J.  Beach 
508  935-4202 

EAST  COAST 

VP  Sales,  East 

Bob  Bragdon 
508  935-4443 

Regional  Sales  Manager 

Ellie  St.  Louis 
201 634-2332 

Senior  Sales  Associate 

Norma  Tamburrino 
201 634-2329 
Fax  •  201 634-9513 

NEW  ENGLAND 

Senior  District  Sales  Manager 

Andrew  Haney 
508  935-4586 
Sales  Operations  Manager 

Dawn  Cora 
508  935-4092 
Fax -508  879-6063 

NORTH  CENTRAL 

Regional  Sales  Manager, 
Southwest 

Beth  DeVillez 
847  759-2727 

Advertising  Sales  Associate 

Kim  Giovanni 
847  759-2728 
Fax  •  847  759-2729 


WEST  COAST 

VP  Sales,  West 

Bob  Melk  •  415  975-2685 

Senior  Regional  Sales 
Manager 

Ai  Collins  *415  975-2686 
Regional  Sales  Manager 
Kevin  Ebmeyer  •  415  975-2684 
Account  Executive 
Derek  Jung  •  415  975-2683 
Fax  -415  543-2358 
Senior  Account  Executive 
Sara  Mascall*415  978-3385 
Ad  Sales  Associate 
Devon  Slattery  •  415  975-2687 

SOUTHERN  CALIFORNIA 

Regional  Sales  Manager 

Kevin  Ebmeyer  •  415  975-2684 

ONLINE  SERVICES 
VP,  Integrated  Media 
and  Online  Sales 

Jim  Alla  *508  988-6763 

Western  Online  Sales  Manager 

Jennell  Hicks  •  415  243-8585 

Online  Account  Executive 

Danielle  Tetreault 
508  988-7969 

Online  Client  Services 
Specialist 

Valerie  Sumner  •  508  988-7877 

Online  Sales  Administrator 

Anne  Butera  •  508  988-6823 


CUSTOM 

PUBLISHING 

VP  of  Program 
Development,  IDG 
Charles  Lee  •  212  867-1229 
VP,  Integrated  Media 
and  Online  Sales 
Jim  Alla  *508  988-6763 
Director  of  Sales 
Mary  Gregory  •  508  988-6765 
Executive  Editor  and  Director 
of  Operations  Tom  Field 
Director,  Integrated  Project 
Management  Mo  Barrett 
Managing  Editor  Jim  Malone 
Senior  Project  Manager 
Amy  Greenleaf 
Project  Managers 
Karen  Capland, 

Jon  Heinrich 

LIST  SERVICES 

Contact  Paul  Capone  of  IDG 
List  Services  at  508  370-0865 
or  pcapone@idglist.com. 

REPRINT  SERVICES 

For  article  reprints  (100 
quantity  or  more),  please 
contact  Jennifer  Eclipse  at 
PARS  International  at  212  221- 
9595  x237  or  via  e-mail  at 
jeclipse@parsintl.com. 


CIO  is  published  in  the 
U.S.  as  well  as  in: 

Australia,  CIO  Australia 

www.idg.com.au 

Canada,  CIO  Canada 

cio.itworldcanada.com 

China,  CEO  &  CIO  China 

www.  ceocio.  com.cn 

France,  CIO  France 

www.idg.fr/cio 

Germany,  CIO  Germany 

www.cio.de 

India,  CIO  India 

91-80-521-0309/12 

Japan,  CIO  Japan 

www.idg.co.jp 

The  Netherlands, 

CIO  Netherlands  www.cio.nl 
New  Zealand,  CIO  New  Zealand 
www.idg.co.nz 
Norway, 

CIO  Business  Standard 
www.business-standard.no 

Poland, 

CXO  Poland  www.cxo.pl 
Singapore,  CIO  ACEN/ 
Hong-Kong  www.idg.com.sg 
South  Korea,  CIO  Korea 
www.cio.seoul.kr 
Sweden,  CIO  Sweden 
www.cio.idg.se 


For  further  sales  information: 

www2.cio.com/marketing/ 

aboutcio/contacts.cfm 


INDEX  OF  COMPANIES  AND  ADVERTISERS 


Page  numbers  refer  to  the  first  page  of  the  article(s)  in  which  the  company  has  a  substantial  mention. 

This  index  is  provided  as  a  service  to  readers.  The  publisher  does  not  assume  any  liability  for  errors  or  omissions. 


COMPANY  INDEX 

Pacific  Blue  Cross . 

. ...  44 

Hyperion  Solutions  Corp . 

. 43 

Ace  Hardware  Corp . 

...36 

Provide  Commerce  Inc . 

....  49 

IBM  Corp . 37,39,51,67 

American  Electric  Power . 

...49 

Sun  Microsystems  Inc . 

....  19 

IBM  Corp. (regional)  . 

. 82 

AMI  Partners  Inc . 

...84 

The  451  Group  . 

. ...  62 

Intel  Corp . 

. 53 

ARC  Advisory  Group . 

...19 

Transamerica  Life  Insurance  Co. 

....  49 

Internet  Security  Systems  . . . 

. 17 

ASIMCO  Technologies . 

...72 

W.P.  Carey  &  Co.  LLC . 

. ...  84 

Juniper  Networks  Inc . 

. 79 

Booz  Allen  Hamilton  Inc . 

...19 

Westmoreland  Coal  Co . 

. ...  84 

Kyocera  Mita  Corp . 

. 55 

Cascade  Designs  Inc . 

...84 

Whirlpool  Corp . 

. ...  49 

Mexico . 

. 71 

Christian  &  Timbers  . 

...72 

Wolf,  Greenfield  &  Sachs  P.C _ 

....  19 

Microsoft  Corp . 

C2, 10, 26 

Con-Way  . 

...49 

Motion  Computing,  Inc . 

. 47 

Current  Analysis  Inc . 

...62 

Pillar  Data  Systems  Inc . 

. 65 

Egon  Zehnder  International  . 

...72 

ADVERTISER  INDEX 

RightNow  Technologies  Inc. . . 

. 30 

Environics  Communications  Inc.  . 

...72 

3M  . 

...  .35 

Samsung  . 

. 2 

Fastenal  Co . 

...49 

Apani  Networks  Inc . 

. 13 

SAP . 

. 29 

Forrester  Research  Inc . 

...19 

AT&T  . 

.56, 57 

SAS  . 

. 18 

Gartner  Inc  . 

...49 

Brother  International  . 

...  .69 

Security  Standard,  The  . 

. 87 

Glacial  Lakes  Energy  LLC  . 

...19 

CDWCorp . 

. 41 

Siemens  Corp . 

. 15 

Heidrick  &  Struggles 

Citrix  Systems  Inc . 

. 21 

SSA  Global  Technologies  Inc. 

. 81 

International  Inc . 

...72 

Cognos  Inc . 

...  .59 

Sun  Microsystems  Inc . 

. C3 

IBM  Corp . 

...36 

Compuware  Corp . 

...  .23 

SunGard  Availability  Services 

. 89 

InStream  Financial  . 

...49 

CXO  Media  Inc.  . .  .25, 48, 66,  82, 93, 95 

Symantec  Corp . 

. 7 

Jacob  Stern  &  Sons  Inc . 

...84 

Dell  Inc . 

....  61 

VeriSign  Inc . 

. 45 

Lenovo  . 

...72 

EMC2  Corp . 

....  33 

Verizon  . 

. 77 

Mozilla  Corp . 

...19 

ESRI . 

. 9 

Verizon  Wireless . :. 

. C4 

OHCLLC  . 

...62 

Fujitsu  Computer  Systems  Corp. 

....  75 

Xerox  Corp . 

. 91 

Owens  Corning  . 

...49 

Hewlett-Packard  Co.(regional)  . 

. 5 

CIO  CONTACT 
INFORMATION 

Editorial,  Advertising  and 
Business  Offices:  CXO  Media  Inc., 
492  Old  Connecticut  Path,  P.O. 
Box  9208,  Framingham,  MA 
01701-9208,  508  872-0080. 

CIO  (IS  c.  Periodicals  postage 
paid  at  Framingham,  MA,  and  at 
additional  mailing  offices. 

Canada  Publications  Mail  Agree¬ 
ment  Number  1  902075.  CANA¬ 
DIAN  POSTMASTER:  Please 
return  undeliverable  copy  to  P.O. 
Box  1632,  Windsor,  ON  N9A  7C9. 

Permissions:  Copyright  2006 
by  CXO  Media  Inc.  All  rights 
reserved.  Reproduction  of 
material  appearing  in  CIO  is 
forbidden  without  written 
permission.  Send  all  requests 
to  Yadira  Pizarro,  PARS  Interna¬ 
tional,  212  221-9595,  Ext.  231, 
oryadira@parsintl.com. 

Photocopy  Rights:  Permission 
to  photocopy  for  internal  or 
personal  use  or  the  internal  or 
personal  use  of  specific  clients  is 
granted  by  CIO  for  users  through 
the  Copyright  Clearance  Center, 
provided  that  the  base  fee  of  $3 
per  copy  of  the  article,  plus  $.50 
per  page  is  paid  directly  to  Copy¬ 
right  Clearance  Center,  27  Con¬ 
gress  Street,  Salem,  MA  01970. 
Please  specify:  ISSN  0894-9301. 
Permission  to  photocopy  does 
not  extend  to  contributed  articles 
followed  by  this  symbol:  %. 

Subscriptions:  CIO  is  free  to  qual¬ 
ified  information  executives.  To 
apply,  use  our  online  subscription 
form  at  www.subscribe.cio.com. 
Subscriptions  are  also  available 
on  a  paid  basis  at  a  rate  of  $95  for 
the  United  States  and  Canada, 
$195  International  (payable  in 
U.S.  funds  only)  and  may  be 
ordered  online  at  www.subscribe 
.cio.com/services.html.  Or 
address  inquiries  to  CIO.  P.O.  Box 
489,  Northbrook,  IL  60065-0489: 
866  354-1125.  Please  allow  four 
to  six  weeks  for  a  new  subscrip¬ 
tion  to  begin.  The  single  copy 
price  is  $9  for  the  United  States 
and  Canada,  and  $15  Interna¬ 
tional.  Prepayment  is  required, 
payable  in  U.S.  funds. 

Change  of  Address:  Please  go  to 
www.omeda.com/custsrv/cio 
and  follow  the  online  instructions. 

Postmaster:  Send  change  of 
address  to  CIO,  P.O.  Box  489, 
Northbrook,  IL  60065-9816. 
Printed  in  the  U.S. A. 


94 


JULY  1,  2006  |  www.cio.com 


CIO’s  e-Mail  Newsletters 

The  Updated 


Management  &  Enterprise 
Information  You  Want 

Delivered  right  to  your  desktop 

It’s  the  best  way  to  keep  one  step  ahead  of  the  competition. 


^  CIO  Blogs 

This  week’s  top  blog  postings. 

^  CIO  Careers 

Advice  for  your  career  plus  job  postings. 

1^  CIO  Enterprise 

Enterprise-level  technology  information, 
news  and  tools. 

CIOERP 

A  CIO’s  monthly  guide  for  enterprise 
resource  planning. 

1 ^  CIO  Information  Security 

Security  information  and  news  the  CIO 
needs  to  know  about. 

CIO  Insider 

Your  guide  to  the  latestfromCIO.com. 

CIO  Leader 

Updates,  insights  and  advice  from 
CIO.com  on  hiring,  firing  and  inspiring. 


CIO  Magazine  Tech  Poll 

Results  of  our  quarterly  survey,  covering  IT’s 
overall  health  as  well  as  spending  and  trends. 

( ^  CIO  News  Watch 

The  week’s  top  news  stories. 

^  CIO  Open  Source 

A  monthly  peek  at  what’s  happening  in  the 
open  source  realm. 

Si  CIO  Research  Update 

Highlights  of  CIO’s  most  recent  IT  research. 

^  CIO  SO  A 

Your  resource  for  service-oriented  and 
enterprise  architecture. 

^  CIO  Whitepapers 

Your  guide  to  new  and  upcoming  whitepapers. 

[ ^  CIO  Wireless 

Providing  information  on  emerging  wireless 
technologies  and  infrastructure. 


Sign  up  now  for  CIO’s  COMPLIMENTARY  e-mail  newsletters 

www.cio.com/newsletters 


Business  Technology  Leadership 


The  Universal  VendorTranslation  Machine 

Turning  vendor-speak  into  CIO  sense 


“Merger  of  equals" 

We  actually  believed  our  own  sales 
forecasts,  opening  us  up  to  a  hostile 
takeover.  In  six  months,  no  one  will 
remember  our  name. 

“Ajax-driven  Web  application” 

Guaranteed  to  crash  your  browser. 


“Fully  redundant” 

When  the  product  fails,  your  IT  staffers, 
working  by  the  light  of  kerosene  lanterns, 
may  be  able  to  restart  the  system  using  a 
length  of  stereo  wire,  some  Juicy  Fruit 
and  a  car  battery. 

“24/7  customer  support” 

You’re  welcome  to  call  and  talk  to  our 
automated  phone  system  anytime 
you  want. 

“Begins  shipping  later  this  quarter” 

We  use  the  terms  "quarter"  and  "decade” 
interchangeably  here. 

“The  leading  provider  of...” 

Just  got  the  venture  capital  firm's  check 
last  week  and  finally  moved  the  company 
out  of  the  dorm  room. 

“Backward  compatible” 

Version  2.0  is  guaranteed  to  read  files 
created  by  Version  1.9  for  at  least  five  (5) 
business  days. 


96  JUNE  15,  2006  www.cio.com 


“Open  source” 

You’ll  be  relying  on  Latvian  high  school 
drop-outs  for  upgrades. 

“Integrated  security" 

We  bought  a  little  firewall  startup  and 
grafted  their  code  onto  ours. 


“Ensures  SOX  compliance” 

When  your  CEO  and/or  CFO  winds  up 
behind  bars,  we’ll  send  brownies. 


“Free  six-month  trial” 

After  trial  ends,  salespeople  will  call 
you,  e-mail  you,  IM  you,  rent  blimps  to  fly 
over  the  links  while  you're  golfing  and, 
if  necessary,  camp  out  in  your  outer  office 
until  you  agree  to  buy  the  product. 

“Enterprise-grade” 

Too  complicated  for  consumers  or  small 
businesses  to  use. 

“Robust” 

System  runs  beautifully  as  long  as  no 
wackos  attempt  to  change  the  configura¬ 
tion,  delete  a  user  or  add  a  record. 

“Intuitive  user  interface” 

After  two  weeks  of  offsite  training, 
several  of  your  brighter  employees  will 
have  figured  out  how  to  log  on. 

“Positive  ROI  within  12  months” 

By  uninstalling  our  hardware  after 
364  days,  your  time  will  be  freed  up  to 
work  on  more  productive  things. 


"Conceptually,  we're  a  Web  2.0 
company” 

Desperately  trying  to  resuscitate 
ideas  from  the  dotcom  era. 


ILLUSTRATION  BY  CHRIS  PYLE 


share 


5x  the  performance,  1/4  the  size.* 

WITH  A  PROCESSOR  THAT  USES  ABOUT 
THE  SAME  POWER  AS  A  LIGHT  BULB. 

The  new  Sun  Fire"  servers  with  CoolThreads"  technology. 


Get  a  free  60-day  trial 
now  at  sun.com.' 

£ 

Java  soiaris  uitrasparc-- 


@  2006  Sun  Microsystems,  Inc.  All  rights  reserved. 
Perfoimance  based  on  customer  testing.  Power  and  space 
saving  based  on  comparing  power  supply  ratings  and  size 
rating  ol  Dell  PowerEdge  6850  to  Sun  Fire  Tiooo  Server. 
Some  restrictions  apply.  See  sun.com  for  details. 


At  0.45"  thin,  this  is  huge. 


Introducing  motorola  exclusively  from  Verizon  Wireless. 

Ultra  thin.  Fully  loaded.  The  Q  comes  equipped  with  Windows  Mobile?  email 


broadband  network.  Never  before  could  you  do  so  much  with  so  little. 


veti  Onwireless 

www.  verizon  wireless,  com/ 


Call  our  representatives  at  1.800.VZW.4  BIZ 

IMPORTANT  CUSTOMER  INFORMATION:  The  wireless  broadband  network  averages  400-700  kbps  based  on  our  network  tests  with  5MB  FTP  data  files,  without  compression,  available  in  181  major 
metropolitan  areas  covering  over  148  million  people,  and  is  expanding  coast  to  coast.  Actual  speeds  and  coverage  vary.  Coverage  limitations,  maps  &  details  at  verizonwireiess.com.  Email:  Additional 
charges  apply.  Motorola,  Q  and  their  logos  are  trademarks  of  Motorola,  Inc. 


